Apple Pay - Politica de confidențialitate

Raiffeisen Bank SA, cu sediul in Cladirea Sky Tower, Calea Floreasca, nr. 246C, cod postal 014476, Mun. Bucuresti, sector 1 („Banca”) prelucreaza, in calitate de operator, datele cu caracter personal ale Utilizatorilor de Carduri care doresc sa utilizeze Apple Pay, in conformitate cu prevederile legale aplicabile in domeniul protectiei datelor cu caracter personal.
Termenii utilizati cu majuscule in cadrul acestui document sunt definiti prin intermediul Termenilor si conditiilor privind inregistrarea si utilizarea cardurilor emise de Raiffeisen Bank in aplicatia Apple Pay („Termeni si Conditii”), disponibili la urmatorul link: https://www.raiffeisen.ro/applepay/
Prelucrarile de date cu caracter personal ale Utilizatorilor desfasurate de Apple si/sau de alti terti in contextul utilizarii Apple Pay sunt supuse conditiilor politicilor de confidentialitate sau altor documente prin care aceste entitati realizeaza informarea din perspectiva protectiei datelor cu caracter personal. Banca nu are un control sau vreo responsabilitate cu privire la modul in care Apple si/sau alti terti prelucreaza datele cu caracter personal ale Utilizatorilor care opteaza pentru inregistrarea Cardurilor in Apple Pay.
 
Scopuri si temeiuri de prelucrare
Banca prelucreaza date cu caracter personal ale Utilizatorilor pentru urmatoarele scopuri si avand la baza urmatoarele temeiuri de prelucrare:
i. In vederea indeplinirii obligatiilor legale, pentru urmatoarele scopuri: asigurarea conformarii cu cerintele legale care incumba in sarcina Bancii, inclusiv cele privind cunoasterea clientelei in vederea prevenirii spalarii banilor si combaterii finantarii terorismului. 
Furnizarea datelor cu caracter personal pentru aceste scopuri este necesara, refuzul in acest sens putand rezulta in imposibilitatea Utilizatorilor de a-si inregistra Cardurile in Apple Pay. 
ii. In baza contractului incheiat intre Banca si Utilizatori (reprezentat de Termeni si Conditii), pentru urmatoarele scopuri:
incheierea, derularea si gestionarea relatiei contractuale cu Utilizatorii prin asigurarea furnizarii tuturor serviciilor si functionalitatilor specifice prevazute in Termeni si Conditii. Procesul de inregistrare a Cardului in Apple Pay se finalizeaza prin luarea unei decizii, fara interventie umana, care are la baza o prelucrare exclusiv automata si care este posibil sa aiba ca rezultat refuzul la inregistrarea Cardului in Apple Pay. Aceasta decizie se va lua in urma parcurgerii procesului de inregistrare a Cardului si a analizarii informatiilor transmise de Apple catre Banca, inclusiv a recomandarilor primite din partea Apple in acest sens. O astfel de activitate de prelucrare implica un proces decizional automatizat. Cu privire la aceasta, Utilizatorii au dreptul de a obtine interventia umana din partea Bancii, de a-si exprima punctul de vedere si de a contesta decizia luata pe baza prelucrarii automate, prin utilizarea cailor de contact indicate in cuprinsul prezentei politici;  
asigurarea suportului tehnic necesar prin raportare la specificul serviciilor si functionalitatilor oferite;
derularea in bune conditii a tranzactiilor bancare;
optimizarea serviciilor financiar-bancare;
gestionarea calitatii datelor;
gestionarea reclamatiilor si sesizarilor primite cu privire la serviciile si functionalitatile specifice prevazute in Termeni si Conditii;
transmiterea de comunicari, inclusiv prin SMS, necesare prin raportare la serviciile si functionalitatile oferite, de exemplu: trimiterea unui SMS continand un cod (OTP – One Time Password) necesar pentru identificarea Utilizatorilor Cardului care urmeaza sa fie inregistrat in Apple Pay; notificarea Utilizatorilor cu scopul confirmarii inregistrarii Cardului in Apple Pay; notificarea Utilizatorilor pentru oferirea suportului tehnic necesar in cazul aparitiei unor probleme/dificultati in procesul de inregistrare a Cardului in Apple Pay; trimiterea unui SMS pentru fiecare tranzactie realizata prin Apple Pay. Furnizarea datelor cu caracter personal pentru aceste scopuri este necesara pentru incheierea contractului cu Banca, refuzul in acest sens putand rezulta in imposibilitatea Utilizatorilor de a-si inregistra Cardurile in Apple Pay.
iii. In baza interesului legitim al Bancii, pentru urmatoarele scopuri:
identificarea segmentului de clienti ai Bancii care ar fi interesati de utilizarea Apple Pay in vederea efectuarii de plati cu cardurile emise de Banca;
constatarea, exercitarea sau apararea unor drepturi ale Bancii in instanta;
realizarea de analize statistice;
imbunatatirea proceselor de lucru si experienta Utilizatorilor.Interesul legitim al Bancii consta in luarea masurilor necesare pentru asigurarea drepturilor Bancii in raport cu Utilizatorii si imbunatatirea serviciilor si produselor oferite de Banca.
Furnizarea datelor cu caracter personal pentru scopurile indicate mai sus nu reprezinta o obligatie legala sau contractuala a Utilizatorilor. Cu toate acestea, in anumite situatii, refuzul furnizarii datelor in aceste scopuri poate rezulta in imposibilitatea Utilizatorilor de a-si inregistra Cardurile in Apple Pay.
iv. In baza consimtamantului exprimat de catre Utilizatori, pentru urmatoarele scopuri:
transmiterea de comunicari comerciale prin mijloace de comunicare la distanta pentru promovarea posibilitatii de a utiliza Apple Pay in vederea efectuarii de plati cu Cardurile.Astfel de comunicari pot fi transmise si in vederea incurajarii acelor Utilizatori care (a) au inceput procesul de inregistrare a Cardului in Apple Pay, insa nu l-au finalizat sau care (b) si-au inregistrat Cardul in Apple Pay, insa nu au realizat tranzactii prin Apple Pay cu o anumita regularitate. 
evaluarea continua a interactiunii Utilizatorilor cu Apple Pay in contextul inregistrarii Cardurilor, in vederea crearii profilurilor de utilizatori. In baza profilurilor create se vor lua decizii, fara interventie umana, care ar putea rezulta, in anumite situatii, in acordarea de catre Banca in favoarea unor Utilizatori a unor beneficii/avantaje in contextul utilizarii Apple Pay, pentru incurajarea finalizarii procesului de inregistrare, respectiv pentru realizarea tranzactiilor cu o anumita periodicitate. O astfel de activitate de prelucrare implica un proces decizional automatizat. Cu privire la acesta, Utilizatorii au dreptul de a obtine interventia umana din partea Bancii, de a-si exprima punctul de vedere si de a contesta decizia luata pe baza prelucrarii automate, prin utilizarea cailor de contact indicate prin aceasta politica.Furnizarea datelor cu caracter personal si a consimtamantului pentru aceste scopuri este voluntara, refuzul in acest sens nu va rezulta in vreo consecinta negativa pentru Utilizatori.
Consimtamantul exprimat cu privire la activitatile de prelucrare de mai sus poate fi retras in orice moment, fara a afecta legalitatea activitatilor de prelucrare efectuate inaintea retragerii, prin urmarea instructiunilor incluse in comunicarile comerciale transmise ori prin trimiterea unei cereri la datele de contact indicate mai jos.
 
 
Categoriile de date cu caracter personal prelucrate si sursa acestora
In vederea indeplinirii scopurilor de prelucrare mentionate anterior, Banca prelucreaza urmatoarele categorii de date cu caracter personal ale Utilizatorilor colectate din urmatoarele surse:
a. date furnizate de Utilizatori in mod direct Bancii si date generate de Banca, direct sau prin imputernicitii sai: nume, prenume, gen, data nasterii, numar de telefon, adresa de e-mail, voce, date privind autentificarea, cod numeric personal, date privind tranzactiile realizate prin Apple Pay, date de card (numar card, cod IBAN, data de expirare si CVV), adresa de facturare, adresa de livrare, tara,  date privind comportamentul rezultat din utilizarea Apple Pay.
b. date colectate din alte surse, respectiv din partea Apple: nume, prenume, adresa de facturare, date de card (data de expirare si CVV), date cu privire la dispozitivele utilizate pentru inregistrarea Cardului, gradul de securitate evaluat de Apple in functie de dispozitivul/contul si numarul de telefon utilizate pentu inregistrarea Cardului, date referitoare la recomandarea Apple cu privire la inregistrarea Cardului in cadrul Apple Pay, urmare a analizei efectuate de Apple.
Banca nu prelucreaza datele biometrice din sistemul biometric al dispozitivului Utilizatorilor, cum sunt amprenta digitala – in cazul in care se utilizeaza functia Touch ID a dispozitivului sau imaginea faciala a Clientului – in cazul in care se utilizeaza functia Face ID a dispozitivului. Aceste date si modelele biometrice asociate acestora sunt si raman stocate pe dispozitivul Utilizatorului si se supun regulilor de prelucrare stabilite si comunicate prin intermediul dispozitivului respectiv.
In masura in care Utilizatorii vor furniza in procesul de inregistrare a Cardurilor in Apple Pay date cu caracter personal apartinand altor persoane fizice, avand in vedere imposibilitatea practica a Bancii de a asigura in mod direct informarea acestor categorii de persoane, este responsabilitatea Utilizatorilor sa informeze persoanele in cauza cu privire la prelucrarea datelor lor cu caracter personal de catre Banca si sa obtina consimtamantul acestora, in masura in care este necesar.
 
Categoriile de destinatari ai datelor cu caracter personal
Daca este necesar pentru indeplinirea scopurilor de prelucrare, Banca dezvaluie datele cu caracter personal ale Utilizatorilor catre urmatoarele categorii de destinatari: Utilizatori, in calitate de persoane vizate (in masura exercitarii dreptului de acces conform legislatiei aplicabile in materie), reprezentantii Bancii, alte persoane fizice sau juridice care prelucreaza datele cu caracter personal in numele sau impreuna cu Banca, entitatile din Grupul Raiffeisen, parteneri contractuali ai Bancii si ai entitatilor din Grupul Raiffeisen, autoritatea judecatoreasca, autoritati publice centrale si locale.
 
Transferul datelor cu caracter personal
Daca este necesar pentru indeplinirea scopurilor mai sus-mentionate, Banca va transfera anumite categorii de date cu caracter personal ale Utilizatorilor in afara Romaniei, atat in state din cadrul UE/SEE respectiv: Germania, Franta, Marea Britanie, cat si in state din afara UE/SEE, respectiv catre Statele Unite ale Americii.
Banca isi va intemeia transferul datelor cu caracter personal pe baza clauzelor contractuale standard adoptate la nivelul Comisiei Europene sau alte garantii recunoscute de lege.
Este posibil ca pe parcursul desfasurarii activitatii, statele de transfer mai sus mentionate sa se modifice. Puteti obtine o lista actualizata cu statele unde se transfera datele cu caracter personal accesand Politica privind protectia datelor cu caracter personal si confidentialitatea, disponibila la link-ul https://www.raiffeisen.ro/despre-noi/politica-de-confidentialitate/.
 
Durata prelucrarii
In vederea realizarii scopurilor de prelucrare mentionate, Banca va prelucra datele cu caracter personal pe durata indeplinirii scopurilor de prelucrare mentionate anterior, precum si ulterior, atunci cand exista o necesitate de afaceri legitima pentru a proceda astfel (de exemplu, pentru a furniza Utilizatorilor informatiile solicitate sau pentru a ne respecta obligatiile legale). Este posibil ca, in urma implinirii termenelor legale de arhivare, Banca sa dispuna anonimizarea datelor, lipsindu-le astfel de caracterul personal si sa continue prelucrarea datelor anonime pentru scopuri statistice.
 
Drepturile Utilizatorilor
Utilizatorii beneficiaza de urmatoarele drepturi in contextul prelucrarii de catre Banca a datelor cu caracter personal: dreptul la informare, dreptul de acces la date, dreptul la rectificare, dreptul la stergerea datelor („dreptul de a fi uitat”), dreptul la restrictionarea prelucrarii, dreptul la portabilitatea datelor, dreptul la opozitie, dreptul de a se adresa Autoritatii Nationale de Supraveghere a Prelucrarii Datelor cu Caracter Personal sau instantelor competente, in masura in care considera necesar.
Este posibil ca, in urma solicitarii de stergere a datelor, Banca sa anonimizeze aceste date (lipsindu-le astfel de caracterul personal) si sa continue in aceste conditii prelucrarea pentru scopuri statistice.
 
Informatii suplimentare si datele de contact ale Responsabilului privind Protectia Datelor
Prezenta sectiune se completeaza in mod corespunzator cu prevederile Politicii privind protectia datelor cu caracter personal si confidentialitatea, disponibila la link-ul https://www.raiffeisen.ro/despre-noi/politica-de-confidentialitate/, precum si cu Conditiile Generale de Derulare a Operatiunilor Bancare pentru Persoane Fizice, respectiv pentru Persoane Juridice.
Pentru detalii suplimentare cu privire la activitatile de prelucrare efectuate de catre Banca, precum si pentru exercitarea drepturilor de care beneficiaza in acest context, Utilizatorii se pot adresa printr-o cerere scrisa, la adresele oricareia dintre unitatile Raiffeisen Bank SA (pentru lista completa a unitatilor, acceseaza pagina https://www.raiffeisen.ro/retea/) sau printr-un e-mail catre Banca in acest sens, la urmatoarea adresa: centrala@raiffeisen.ro.
De asemenea, Utilizatorii au posibilitatea de a contacta si Responsabilul privind Protectia Datelor desemnat la nivelul Bancii, la urmatoarea adresa de e-mail: dpo@raiffeisen.ro
 
 
 
 
 
 
 
 
 
 
 
 
 
Data Processing Policy
 
 
 
Raiffeisen Bank SA, with its office in Sky Tower Building, Calea Floreasca No. 246C, postal code 014476, Bucharest, District 1, (“the Bank”), processes - as data controller - the personal data of Card Users who wish to use Apple Pay in compliance with the applicable data protection laws.
The terms used in capital letters in this document are defined within the Terms and Conditions regarding the Registration and Use of the Cards issued by Raiffeisen Bank in the Apple Pay Application ("Terms and Conditions"), available at the following link: https://www.raiffeisen.ro/applepay/ The User data processing carried out by Apple and/or other third parties when using Apple Pay is subject to data privacy policies or other documents whereby such entities give data privacy notices. The Bank has no control over or liability with respect to the manner in which Apple and/or other third parties process the personal data of the Users who choose to register their Cards in Apple Pay.
 
Processing purposes and grounds
The Bank processes the personal data of Users for the following purposes and based on the following grounds:
i. For fulfilling legal obligations, for the following purposes: ensuring compliance with the legal requirements governing the Bank, including the know-your-client requirements, for preventing money laundering and fighting against the financing of terrorist acts. 
Providing personal data for these purposes is necessary. Refusal to provide data in this respect may result in the impossibility of the Users to register their cards in Apple Pay. 
ii. Based on the agreement concluded between the Bank and the Users (represented by the Terms and Conditions), for the following purposes:
entering into, performance and management of the contractual relationship with the Users by ensuring the provision of all services and specific functionalities, as set out under the Terms and Conditions. The process of registration of a Card in Apple Pay is completed by a decision made without any human intervention which is based solely on automated processing and which may result in a refusal to register a Card in Apple Pay. Such decision will be made after the completion of the process of registration of a Card and the review of the information sent by Apple to the Bank, including the recommendations received from Apple for this purpose. Such processing involves an automated decision-making process. In this respect, the Users have the right to obtain human intervention from the Bank, to express their point of view and to object to the decision made based on automated processing, by using the contact details indicated herein;  
ensuring the required technical support in line with the nature of the offered services and functionalities;
proper performance of banking transactions;
optimization of financial and banking services;
management of data quality;
management of received complaints and notices with respect to the specific services and functionalities provided under the Terms and Conditions;
sending communications, including by text message, required in terms of the services and functionalities offered, e.g.: delivery of a text message containing a code (OTP – One Time Password) required for the identification of the Users of the Card which is to be registered in Apple Pay; notification of Users for the purposes of confirming the registration of the Card in Apple Pay; notification of Users for offering the required technical support in the event of issues/difficulties during the registration of the Card in Apple Pay; delivery of a text message for each transaction made by using Apple Pay. Provision of personal data for these purposes is necessary in order to conclude the contract with the Bank. Refusal to provide data in this respect may result in the impossibility of the Users to register their Cards in Apple Pay. 
iii. Based on the Bank’s legitimate interest, for the following purposes:
identification of the Bank’s client segment which may be interested in using Apple Pay for making payments with the cards issued by the Bank;
establishment, exercise or defense of legal claims;
preparation of statistical analyses;
improvement of work processes and User experience.The Bank’s legitimate interest consists of adopting the required measures in order to ensure the Bank’s rights in relation to the Users and improving the services and products offered by the Bank.
Providing personal data for the above-mentioned purposes is not a legal or contractual obligation of the Users. Nevertheless, in certain situations, the refusal to provide the data for these purposes may result in the impossibility for the Users to register their Cards in Apple Pay. 
 
iv. Based on the User’s consent, for the following purposes:
sending commercial communications by means of remote communication means for promoting the option to use Apple Pay for making payments with the Cards.Such notifications may also be sent in order to encourage those Users who (a) have initiated the process of registration of the Card in Apple Pay, but have not completed it, or who (b) have registered their Card in Apple Pay, but have not made transactions via Apple Pay on a regular basis.
continuous evaluation of User interaction with Apple Pay in the context of Card registration, in order to create user profiles.  Based on the profiles created, decisions will be made, without human intervention, which in certain situations may result in the Bank granting users with certain benefits/advantages in context of using Apple Pay, to encourage the completion of the registration process, respectively to carry out transactions with a certain periodicity. Such processing activity implies an automated decision-making process. In this respect, the Users have the right to obtain human intervention from the Bank, to express their viewpoint and to challenge the decision made based on automatic processing by using the means of contact indicated in this policy.Provision of personal data and expressing consent for these purposes is voluntary. Refusal in this respect will not result in any negative consequence for the Users.
The consent given with respect to the abovementioned processing activities may be withdrawn at any time, without affecting the lawfulness of the processing carried out prior to such withdrawal, by following the instructions included in the commercial communications delivered or by sending a request using the contact details mentioned below.
Categories of processed personal data and their source
In view of fulfilling the abovementioned processing purposes, the Bank processes the following categories of personal data concerning the Users collected from the following sources:
a. data provided by the Users directly to the Bank and data generated by the Bank, directly or by its processors: surname, first name, gender, date of birth, telephone number, e-mail address, voice, authentication data, personal identification number, data concerning the transactions made via Apple Pay, card data (card number, IBAN code, date of expiry and CVV), billing address, shipping address, country, data concerning the behavior resulting from the use of Apple Pay.
b. data collected from other sources, i.e. from Apple: surname, first name, billing address, card data (date of expiry and CVV), data concerning the devices used for registering the Card, the security level assessed by Apple based on the device/account and telephone number used to register the Card, data concerning Apple’s recommendation regarding the registration of the Card in Apple Pay, following the analysis conducted by Apple.
The Bank does not process biometric data from the biometric system of the User’s device such as fingerprint – if the device’s Touch ID function or the Client’s facial image is used – if the device’s Face ID function is used. Such data and related biometrical templates are and will remain stored on the User’s devices and are subject to the processing rules established and communicated by the respective device.
If, during the registration of the Cards in Apple Pay, Users provide personal data concerning other natural persons, given the Bank’s practical inability to directly inform such categories of persons, the Users will be responsible for informing such persons with respect to the processing of their personal data by the Bank and for obtaining their consent, if required.
 
 
Categories of recipients of personal data
If it is required for fulfilling its processing purposes, the Bank will disclose the Users’ personal data to the following categories of recipients: Users, as data subjects (if the right of access is exercised as set forth under the applicable relevant laws), the Bank’s representatives, other natural persons or legal entities processing personal data on behalf of or together with the Bank, Raiffeisen Group companies, contractual partners of the Bank and of the Raiffeisen Group companies, courts of law, central and local public authorities.
 
Transfer of personal data
If it is required for fulfilling the abovementioned purposes, the Bank will transfer certain categories of personal data concerning the Users outside Romania, both to EEA/EU countries, i.e.: Germany, France, UK, and to non-EEA/EU countries, i.e.: the United States of America.
The Bank will base the personal data transfer on the standard contractual clauses adopted by the European Commission or other safeguards recognized by law.
During the conduct of business, the abovementioned transfer countries may change. You can get an updated list of countries to which personal data are transferred by accessing the Data Privacy and Confidentiality Policy at https://www.raiffeisen.ro/despre-noi/politica-de-confidentialitate/.
 
Duration of processing
For fulfilling the abovementioned processing purposes, the Bank will process personal data throughout the duration required to fulfill the abovementioned processing purposes, and thereafter, when there is a legitimate business need to do so (e.g. to provide Users with the required information or to comply with our legal obligations). After the expiry of the statutory archiving periods, the Bank may order the anonymization of the data, thus removing their personal nature, and continue the processing of such anonymous data for statistical purposes.
 
User’s Rights
Users benefit from the following rights during the processing by the Bank of their personal data: the right to information, the right of access to data, the right to rectification, the right to erasure of data (“the right to be forgotten”), the right to restriction of processing, the right to data portability, the right to object, the right to refer to the National Supervisory Authority for Personal Data Processing or the competent courts of law, if deemed necessary.
Following the receipt of a request for erasure of data, the Bank may render such data anonymous (thus removing their personal nature) and continue the processing of the same for statistical purposes.
 
Additional information and contact details of the Data Protection Officer
This section is supplemented accordingly by the provisions of the PrivacyPolicy available at: https://www.raiffeisen.ro/despre-noi/politica-de-confidentialitate/ and by the provisions of the General Conditions for the Provision of Banking Operations for Natural Persons, respectively for Legal Persons.For further details concerning the processing activities carried out by the Bank, as well as for exercising their rights in relation thereto, Users may send a written request at the address of any Raiffeisen Bank SA unit (for a complete list of units, please visit: https://www.raiffeisen.ro/retea/) or an e-mail to the Bank in this respect at the following address: centrala@raiffeisen.ro.
Users may also contact the Bank’s Data Protection Officer at the following e-mail address: dpo@raiffeisen.ro.