+371 67 359 000 Contact us

Rights of
Data Subject

The Bank shall ensure the following rights stipulated by the normative acts for a Data Subject:

Right of Access to One’s Personal Data

  1. Under this right, a Data Subject may:
    • obtain confirmation of its Personal Data processing, i.e. upon the request of a Data Subject to obtain the Bank’s response on the fact that Personal Data of the Data Subject are/are not processed;
    • obtain access to its Personal Data, i.e. to receive a copy of its Personal Data held by the Bank (not documents);
    • receive additional information regarding its Personal Data processing.
  2. The Bank shall ensure these rights free of charge, however, the Bank shall have the right to charge fees in accordance with the Bank’s Price list or to refuse a request if the Data Subject’s request is obviously unreasonable or excessive.

Right to Rectify Personal Data

The Data Subject may request that the Bank without undue delay rectify inaccurate Personal data of the Data Subject held by the Bank.

Right to Transfer Data

  1. The Data Subject shall have the right to receive from the Bank Personal Data about itself for storage thereof and, for example, to transfer it to another service provider. These rights shall relate only to the Personal Data that meet the following parameters:
    • Personal Data relates to a certain Data Subject that made a request;
    • Personal Data has been provided to the Bank by the Data Subject itself;
    • legal basis for the Processing of Personal Data is the Consent or establishment and implementation of contractual relations;
    • such Processing of Personal Data is performed by automated means.
  2. The Bank shall ensure these rights where this is technically possible and free of charge, however, the Bank shall have the right to charge fees in accordance with the Bank’s Price List if the Data Subject’s request is obviously unreasonable or excessive.

Right to Be Forgotten

  1. The Data Subject shall be entitled to demand that the Bank without undue delay cease the Processing of Personal Data of the Data Subject and delete it, if:
    • Personal Data is no longer needed for implementing the goals for which it had been initially collected or otherwise processed;
    • The Data Subject has withdrawn its Consent on the basis of which Personal Data were processed and there is no other legal basis for the Processing of Personal Data.
    • The Data Subject objects to the Processing of Personal Data, and after repeated assessment of legitimate interests the Bank admits that no significant legal basis for processing exists, or processing in performed for marketing purposes.
  2. The Bank shall have the right not to delete Personal Data in the following cases:
    • if the Bank has to continue the Processing of Personal Data under compliance with its legal obligation (obligation on the Processing of Personal Data is established by the normative acts);
    • the Processing of Personal Data is required for archiving purposes;
    • in other cases upon the existence of corresponding legal basis.

Right to Limit the Processing

  1. The Data Subject shall have the right to require that the Bank in certain cases and for a certain period restrict the Processing of Personal Data of the Data Subject:
    • if the Data Subject challenges the accuracy of Personal Data – for a period while the Bank verifies the accuracy of Personal Data;
    • if processing is unlawful and the Data Subject objects to Personal Data deletion, instead requesting to limit the use of Personal Data – for a period requested by the Data Subject;
    • if the Bank no longer needs Personal Data for processing, but the Data Subject needs it for submission, implementation or protection of legitimate claims – for a period requested and justified by the Data Subject;
    • if the Data Subject objects to processing that is based on legitimate interests of the Bank – for a period while it is verified whether the Bank’s legitimate interests are more important that legitimate interests of the Data Subject.
  2. Prior to lifting restrictions, the Bank informs the Data Subject thereof.

Right to Object

  1. The Data Subject shall have the right to object to the Processing of its Personal Data if it is based on legitimate interests, including Profiling for marketing purposes (direct selling purposes) (for example, receiving commercial messages).
  2. The Data Subject shall not have the right to object to processing of the Data if the basis for Data processing is:
    • Consent;
    • establishment or implementation of contractual relations;
    • implementation of legal obligation;
    • protection of vital interests of Data Subject or Third Parties.

Right to Make Individual Automated Decisions

The Data Subject shall have the right not to be subject to fully automated individual decision making, including Profiling, if a decision made in such manner in relation to the Data Subject creates legal consequences or affects Data subject in a similar way. Data subject shall not have the right to refuse such decision making if:

  • the decision is required for conclusion or execution of agreement concluded between the Bank and the Data Subject;
  • decision making is allowed in accordance with the applicable normative acts;
  • the Data Subject has granted its Consent.

Right to Withdraw the Consent

  1. Where the Processing of Personal Data is performed based on the Consent, the Data Subject shall have the right to withdraw the Consent.
  2. As a result of Consent withdrawal, the Bank will no further process Personal Data for the purposes according to which the Consent had been withdrawn, unless other legal basis for the Processing of Personal Data exists. After withdrawal of the Consent, the Bank shall have the right to process Personal Data for other legitimate purposes.