GDPR

GDPR: Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation). The Regulation is aimed at protecting the basic rights and freedoms of natural persons, in particular the right to protect personal data.

PDF version of the Regulation

GDPR has been in force as of 25 May 2018.

“Data Controller”: means a natural or legal person, a public authority, a unit or another entity which independently or jointly with others determines the purposes and the modes of personal data processing.

The data controller of your personal data is Powszechna Kasa Oszczędności Bank Polski S.A. with its registered office in Warsaw, address: ul. Puławska 15, 02-515 Warsaw, Poland.

Personal data: means information about an identified or identifiable natural person (“data subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an on-line identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Your personal data (e.g. first names and surnames, date and place of birth, address of residence, PESEL No., telephone number) are processed by the Bank for purposes of handling products and providing services. Depending on the product held, the scope of processed personal data is changed, e.g. in case of servicing a savings and checking account, the scope of the processed data will be more limited than in relation to the servicing of a cash loan.   

Recipient: means a natural or legal person, a public authority, a unit or another entity to which the personal data is disclosed, irrespective of the fact whether it is a third party or not.

The Bank shares your personal data with the recipients of data which may include, e.g., entities or bodies authorised on the basis of generally applicable legal provisions, e.g. other banks, courts, prosecution office, Biuro Informacji Kredytowej S.A.

Supervisory authority: means an independent public authority set up by a member state to protect the basic rights and freedoms of natural persons in relation to data processing.

At the present moment, such authority is the General Personal Data Protection Officer. In the planned change of the Act on personal data protection, the supervisory authority shall be the President of the Personal Data Protection Office.

Processing: means any operation or a set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or sharing in another way, alignment or combination, restriction, erasure or destruction.

The Bank processes your personal data, i.e. collects, records, stores, removes and destroys them.

Profiling: means any form of automated processing of personal data consisting in the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person's performance at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Tools based on profiling are used by the Bank for several purposes:

- profiling for marketing purposes allows the Bank to adjust the offer to your interests and needs. It allows for the analysis and forecast of issues pertaining to, e.g., economic situation of a given person, personal preferences or interests. If you decide to file an objection against the profiling, the mode of selecting the presented advertisements and offers of the Bank (direct marketing) is going to change from the one aligned to your needs to a random selection;

- profiling for the purpose of assessing the creditworthiness supports the process of transaction evaluation and the Client by using historical information about the level of credit risk for individual groups of Clients, e.g. higher evaluation is given to a Client timely settling his/ her credit liabilities.

Expressing objection to profiling for the purpose of evaluation of creditworthiness may entail:

• no possibility of designating and using the preferential pre-defined offer;
• no possibility of carrying out an automatic evaluation of creditworthiness, and in effect a significant extension of the credit process;
• no possibility of meeting the Bank’s obligation of assessing the Client’s application in line with the Regulator’s recommendations (e.g. The T Recommendation) and credit refusal.

- profiling carried out to prevent crime, protect bank deposits and counteract money laundering, including construction of models resulting from the Bank’s obligations specified by the provisions of the generally applicable law.

Consent for the processing of personal data: means expression of the data subject’s willingness, the content of which is a consent for the processing of personal data. Granting consent should be free, specific, informed and unambiguous.

The data subject has a right to withdraw the consent at any given moment. Withdrawal of consent does not affect the legitimacy of processing performed on the basis of the consent prior to its’ withdrawal. The data subject is informed thereof before giving consent. Withdrawal of consent has to be equally easy as giving consent.

In relation to the processing of bank products or provision of services, your data shall be processed not on the basis of a consent but on account of the fact that this is indispensable for exercising the right or meeting an obligation resulting from legal provisions (e.g. entering into a cash loan contract).

TH GDPR contains a closed-end catalogue of conditions where the processing of data may be deemed consistent with the law. This means that every process of data processing has to rely on at least one legal basis, indicated in the GDPR:

1. a) a data subject that gave the consent for the processing of personal data for one or a greater number of specified objectives;
2. b) processing is necessary for performance of a contract, a party to which is the data subject or for taking actions at the request of a data subject, before entering into a contract;
3. c) processing is necessary for meeting a legal obligation encumbering the data controller;
4. d) processing is necessary for the protection of vital interests of a data subject or another natural person;
5. e) processing is necessary for the performance of a task performed in public interest or as part of exercising public authority entrusted to the data controller;
6. f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, requiring protection of personal data, in particular when the data subject is a child.

If you fail to provide your data, e.g. when completing an application for a product offered by the Bank, e.g. a cash loan or in relation to entering into a checking and savings account contract, the Bank will not have the possibility of processing the application or entering into a contract with you. 

The Bank may process your personal data, e.g.:

- in relation to the contract pertaining to a banking product or a service provided by the Bank;

- when it fulfils obligations resulting from the generally applicable legal provisions, e.g. for purposes of guaranteeing safety to clients (protection from threats resulting from cyber-security, protection from extortion and fraud);

- when it is necessary for meeting the legitimate interests of the Bank such as, e.g., determination and seeking of claims in relation to the conducted business, including debt collection, enforcement of receivables.

Based on Regulation 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, hereinafter referred to as the “Regulation”, please be informed that:

1. Data Controller

The data controller of your personal data is Powszechna Kasa Oszczędności Bank Polski S.A. with its registered office in Warsaw, address: ul. Puławska 15, 02-515 Warsaw, Poland, registered in the District Court for the Capital City of Warsaw in Warsaw, 13^th Commercial Division of the National Court Register, under entry No. KRS 0000026438, VAT Reg. No. (NIP): 525-000-77-38, State Statistical No. (REGON): 016298263, share capital (paid-up) PLN 1,250,000, 000.00 hotline: +48 800 302 302, hereinafter referred to as the “Bank.” 

2. Data Protection Officer

A Data Protection Officer was appointed in the Bank. Address: Data Protection Officer Puławska 15, 02-515 Warsaw, Poland, e-mail address: iod@pkobp.pl. The data pertaining to the Data Protection Officer are available on the Bank's website in the “GDPR” tab and in the Bank’s branches and agencies.

3. Categories of Personal Data: information refers to personal data sourced in a mode other than from the data subject.

The Bank processes the following categories of your personal data: identification data, address and contact details.

4. Purpose and Legal Bases of Data Processing

Personal data may be processed by the Bank for the following purposes:

• presentation of an offer or processing of an application for a product offered by the Bank or a service provided by the Bank, including on behalf of and for the benefit of companies from the Bank's Capital Group and entities cooperating with the Bank, pursuant to Art. 6(1)(b) or (f) of the Regulation;
• entering into a contract pursuant to Art. 6(1)(b) of the Regulation;
• performance of a concluded contract or for provision of services by the Bank, pursuant to Art. 6(1)(b)-(c) of the Regulation;
• assessing creditworthiness and analysis of credit risk, pursuant to Art. 6(1)(B)-(c) of the Regulation;
• management of the risk by the Bank, including assessment of creditworthiness, pursuant to Art. 6(1)(b)-(c) of the Regulation;
• processing of complaints, based on Art. 6(1)(b)-(c) and (f) of the Regulation;
• performance by the Bank of activities resulting from the generally applicable legal provisions pertaining to the protection of persons and property, based on Art. 6(2)(c) and (e) of the Regulation;
• exercise of rights resulting from representation (including power-of-attorney), guarantee, on the basis of Art. 6(1)(b)-(c) of the Regulation;
• marketing, including promotion of products offered by the Bank or services provided by the Bank or companies from the Bank’s Capital Group or entities cooperating with the Bank, pursuant to Art. 6(1)(f) of the Regulation;
• establishment and seeking of claims by the Bank in relation to the conducted business, including restructuring, debt collection, enforcement of receivables, taking actions aimed at finding buyers for property forming security of the contract or sale of receivables resulting from such contract or defence from claims lodged against the Bank, before law enforcement bodies, adjudicating bodies, including common courts, administrative courts, the Supreme Court, in administrative proceedings, including tax, pursuant to Art. 6(1)(f) of the Regulation;
• detection and limitation of financial abuse related to the Bank’s operation, as well as with the aim of ensuring security of storage of the Bank's clients’ assets and performance of explanatory proceedings, pursuant to Art. 6(1)(f) of the Regulation.

The data regarding the Capital Group of the Bank are available on the Bank’s website in the “GDPR” tab and in the Bank's branches and agencies.

5. Personal Data Sharing

Your personal data may be shared by the Bank with:

• entities and bodies with which the Bank is required to share the personal data based on the generally applicable legal provisions, including entities and bodies authorised to receive personal data from the Bank or authorised to demand access to the personal data based on commonly applicable legal provisions, in particular on the basis of Art. 104(2) and Art. 105(1) and (2) of the Banking Law;
• entities which the Bank entrusted with performance of banking activities or activities related to the bank activities for the benefit of the Bank;
• institutions referred to in Art. 105(4) of the Banking Law;
• bodies and entities authorised to receive personal data pursuant to Art. 149 or 150 of the Act on trading in financial instruments and other legal provisions pertaining to the trading in financial instruments (within the scope of trust services provided by the Bank on the basis of Art. 119 of the Act on trading of financial instruments or services provided by the Bank pursuant to Art. 70(2) of the Act on the trading of financial instruments);
• business information offices operating pursuant to the Act on sharing business information and exchange of business data, pursuant to the provisions of such Act;
• entities from the Bank’s Capital Group and entities cooperating with the Bank, in relation to products and services offered by such entities. The list of such entities is available on the Bank's website in the “GDPR” tab and in the Bank's branches and agencies.

6. Transfer of Personal Data to Third Countries

Your data may be transferred to the governmental administration of the United States of America in relation to performance of international money transfers with the use of SWIFT.

7. Period of Data Storage

Your personal data shall be stored for the following periods:

• validity of an offer or processing of an application for a product offered by the Bank or a service provided by the Bank, including on behalf of and for the benefit of companies from the Bank's Capital Group and entities cooperating with the Bank;
• term of a contract entered into with the Bank, and after its termination, in relation to the Bank’s legal obligation resulting from commonly applicable legal provisions;
• necessary for seeking claims by the Bank in relation to the conducted business or defence against claims lodged against the Bank, on the basis of commonly applicable legal provisions in observance of claim expiry periods specified in the generally applicable legal provisions;
• application of internal methods and other methods and models, referred to in the third part of Regulation No. 575/2013 of the European Parliament and of the Council (EU) No. 575/2013 of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/2012;
• validity of a power-of-attorney granted to you and, after its expiry, in relation to the Bank’s legal obligation resulting from commonly applicable legal provisions.

The information on the periods of data storage is available on the Bank’s website in the “GDPR” tab and in the Bank's branches and agencies.

8. Rights

In relation to the processing of your personal data by the Bank, you are vested with the following rights:

• Right to access your personal data;
• Right to rectify your personal data;
• Right to remove personal data (right to be forgotten);
• Right to limit the personal data processing;
• Right to transfer data to another data controller;
• Right to file an objection against the processing of data, including profiling, and for the needs of direct marketing, including profiling;
• Right to withdraw your consent at any moment and in any mode, without affecting the legitimacy of processing performed on the basis of your consent prior to its’ withdrawal;
• Right to file a complaint to the President of the Personal Data Protection Office when you believe that the processing personal data violates the provisions of the Regulation.

9. Source of data origin: information refers to the personal data sourced in a mode other than from the data subject.

Your personal data can derive from a statutory representative, a principal in case of a granted power-of-attorney, an entrepreneur, in relation to whom you are an actual beneficiary, an employer, a party to a contract entered into with the Bank and from generally available sources, in particular databases and registers: PESEL, Register of Identity Cards, National Court Register (KRS), Central Registration and Information on Business (CEIDG), State Statistical Number (REGON).

10. Requirement to Provide Personal Data

Provision of your personal data is necessary for the purpose specified in Section 4 above to:

• process an application for a product offered by the Bank or a service provided by the Bank, including on behalf of and for the benefit of companies from the Bank’s Capital Group and entities cooperating with the Bank, whereas the consequence of failing to provide your personal data shall be no possibility of examining an application for a product offered by the Bank or a service provided by the Bank, including on behalf of and for the benefit of entities from the Bank’s Capital Group and entities cooperating with the Bank;
• enter into and perform a contract concluded with the Bank, and the consequence of failing to provide your personal data shall be no possibility of entering into and performance of the contract concluded with the Bank;
• provide services by the Bank, whereas the consequence of your failure to provide personal data shall be no provision of services by the Bank;
• process a complaint, an application or an appeal, whereas the consequence of your failure to provide personal data shall be no possibility of processing the complaint, application or appeal;
• receive offers or marketing of products offered by the Bank or services provided by the Bank, including on behalf of and for the benefit of companies from the Bank’s Capital Group and entities cooperating with the Bank, whereas the consequence of your failure to provide personal data shall be no possibility of receiving such offers or marketing of products or services.

11. Automated Decision Making, Including Profiling

Your personal data shall be processed in an automated mode, including profiling, for the purpose of evaluating creditworthiness and for marketing purposes, the consequence of which will be the possibility of applying a simplified processing procedure with respect to you and presentation of an individual offer of products and services offered by the Bank or services provided by the Bank, including on behalf of and for the benefit of companies from the Bank’s Capital Group and entities cooperating with the Bank.

The information pertaining to the automated decision making, including profiling, is available on the Bank's website in the “GDPR” tab and in the Bank’s branches and agencies.

Based on Regulation No. 2016/679 of the European Parliament and of the Council (EU) of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as the “Regulation”, please be informed that:

1. Data Controller

The data controller of your personal data is Powszechna Kasa Oszczędności Bank Polski S.A. with its registered office in Warsaw, address: ul. Puławska 15, 02-515 Warsaw, Poland, registered in the District Court for the Capital City of Warsaw  in Warsaw in Warsaw, 13^th Commercial Division of the National Court Register, under entry No. KRS 0000026438, VAT Reg. No. (NIP): 525-000-77-38, State Statistical No. (REGON): 016298263, share capital (paid-up) PLN 1,250,000, 000.00 hotline: +48 800 302 302, hereinafter referred to as the “Bank.” 

2. Data Protection Officer

A Data Protection Officer was appointed in the Bank. Address: ul. Puławska 15, 02-515 Warsaw, Poland, e-mail address: iod@pkobp.pl.

3. Purposes and Bases of Data Processing

Your personal data shall be processed by the Bank for the purpose of providing the account information service (Art. 6(1)(b) of the Regulation) and for the purpose of:

• processing of complaints, applications and appeals based on Art. 6(1)(b)-(c) and (f) of the Regulation;
• performance of activities resulting from the generally applicable legal provisions including performance of tasks performed in public interest (Art. 6(2)(c) and (e) of the Regulation);
• determination and seeking of claims in relation to the conducted business or defence against claims lodged against the Bank, before common courts, adjudicating bodies, including common courts, administrative courts, the Supreme Court, in administrative proceedings, including tax proceedings (Art. 6(1)(f) of the Regulation).
• detection and limitation of financial abuse related to the Bank’s operation, as well as with the aim of ensuring secure storage of the Bank's clients’ assets and performance of explanatory proceedings (Art. 6(1)(f) of the Regulation).

If you agree for the processing of personal data sourced by the Bank for the purpose of providing the account information service (“consent”), the personal data (information pertaining to the indicated payment accounts and payment transactions related to them) processed in relation to the provision of the account information services shall be used by the Bank for the purpose of preparation of the Bank’s offer, including evaluation of creditworthiness, provided it is necessary for the presentation of such offer. (Art. 6(1)(a) of the Regulation).

If you give your consent, the personal data (information pertaining to the indicated payment accounts and payment transactions related to them) processed in relation to the provision of the account information services shall be used by the Bank for the purpose of preparation of the Bank’s offer, including evaluation of creditworthiness, provided it is necessary for the presentation of such offer (Art. 6(1)(a) of the Regulation).

The list of cooperating entities is available on the Bank's website in the “GDPR” tab. Giving the consent above shall be related to the processing of personal data in an automated mode, including profiling, and its consequence shall be the possibility of applying, with respect to you, a simplified service procedure and presentation of an individual offer of products and services offered by the Bank or by cooperating entities.

4. Sharing Personal Data

Your personal data may be shared by the Bank with:

• entities and bodies with which the Bank is required to share the personal data based on the generally applicable legal provisions, including entities and bodies authorised to receive personal data from the Bank or authorised to demand access to the personal data based on commonly applicable legal provisions, in particular on the basis of Art. 104(2) and Art. 105(1) and (2) of the Banking Law;
• entities which the Bank entrusted with performance of banking activities or activities related to the bank activities for the benefit of the Bank;
• institutions referred to in Art. 105(4) of the Banking Law.

5. Period of Data Storage

Your personal data shall be stored for the following periods:

• term of a contract entered into with the Bank, and after its termination in relation to the Bank’s legal obligation resulting from commonly applicable legal provisions;
• necessary for seeking claims by the Bank in relation to the conducted business or defence against claims lodged against the Bank, on the basis of commonly applicable legal provisions in observance of claim expiry periods specified in the generally applicable legal provisions;
• application of internal methods and other methods and models, referred to in the third part of Regulation No. 575/2013 of the European Parliament and of the Council (EU) No. 575/2013 of 26 June 2013 on prudential requirements for credit institutions and investment firms and amending Regulation (EU) No. 648/2012.

The additional information pertaining to the terms of data storage is available on the Bank's website in the “GDPR” tab and in the Bank’s branches and agencies.

6. Rights

In relation to the processing of your personal data by the Bank, you are vested with the following rights:

• Right to access your personal data;
• Right to rectify your personal data;
• Right to remove personal data (right to be forgotten);
• Right to limit the personal data processing;
• Right to transfer data to another data controller;
• Right to file an objection against the processing of data, including profiling, and for the needs of direct marketing, including profiling;
• Right to withdraw your consent at any moment and in any moment, without affecting the legitimacy of processing performed on the basis of your consent prior to its’ withdrawal;
• Right to file a complaint to the President of the Personal Data Protection Office when you believe that the processing personal data violates the Regulation provisions.

7. Automated Personal Data Processing, Including Profiling

Your personal data may be processed in an automated mode, including profiling - provided the Bank holds a relevant consent - for the purpose of preparation of individual offer of the Bank and the cooperating entities, including assessment of creditworthiness, if it is necessary for the presentation of such offer.

The information pertaining to the automated decision making, including profiling, is available on the Bank's website in the “GDPR” tab.

The purpose of the GDPR is to protect the rights and freedoms of every person and to offer control on the processing of data belonging to such person.  To this aim, you can exercise your rights:

- right of access to data: the data subject has a right to receive information, among others, which of his/ her personal data are processed by the Bank, for which purposes and to receive a copy of such data.

You can submit an application to the Bank for receipt of information whether the Bank processes your personal data.       

- right to delete your data (right to be forgotten): a data subject may indicate the scope and the circumstances justifying deletion of data, e.g. the data are no longer needed for meeting the purposes for which they were collected and there are no legal bases for the further processing of data, data are processed inconsistently with the law.

The right to delete data may be exercised in cases when the Bank has no legal bases for the processing of data. Please note that in case of holding an active contract with the Bank, the processing of data is necessary for its performance and the personal data cannot be deleted.                                                    

- right to transfer data: a data subject has a right to receive data pertaining to him/ her which he/ she delivered to the Bank in a structured, commonly used and machine-readable format.

The application for transfer of data maybe submitted by a data subject. The information shall be provided in the form of a file saved on a CD secured with a password.

- right to limit data processing: a data subject indicates that the premises set out in Art. 18 of the GDPR took place with respect to the limitation of the processing of his/ her personal data, e.g. the Bank does not need certain data, there are no premises for further processing of such data, whereas the data subject applies for the suspension of operations on data or no removal of data.

Every application for limitation of data processing shall require individual processing with respect to the existing bases for data processing, the purpose and the scope of their processing.

- right to rectify data: at any moment, whenever necessary, the data subject informs the Bank about a change in his/ her personal data.

You can apply to the Bank for correcting incorrect or supplementing the incomplete personal data.

- right to object: it is possible to lodge an objection against the processing of data in an automated mode at any moment, including profiling, as well as objection against the processing of data for marketing purposes.

Objection against the processing of data may be submitted to, e.g., a Bank’s branch, by post to the address of the Bank, via electronic banking or by calling the Bank’s helpline.

Objecting against profiling means that your personal data shall not be processed in an automated mode, excluding exceptional cases specified in the applicable law. In consequence, the Bank will not be able to apply a simplified service procedure with respect to you and to evaluate your needs and creditworthiness in order to present an individual proposal of purchasing the products and services of the Bank, companies from the Bank’s Capital Group and entities cooperating with the Bank.

For the purpose of exercising the above-listed rights, you can visit the Bank's branches or send an application to the Bank by post or electronically.

The Bank provides information in writing; such information can also be collected from the Bank after prior notification (e-mail or SMS) and in case of Inteligo clients, the Bank provides information in an electronic form.

The Bank, without any undue delay, and in any case within a month from the date of receipt of the request, provides the data subject with information about actions taken with respect to the exercise of the aforementioned rights. If necessary, such deadline may be extended by subsequent two months on account of the complex nature of the request or a number of requests. Within one month from receipt of the request, the Bank informs the data subject about such extension of the deadline, specifying the causes.

Both during the validity period of the hitherto provisions of the generally applicable law pertaining to the protection of personal data (Act on the protection of personal data and executive regulation to the act), as well as in the light of the new European provisions, the Bank processes your data with the use of any technical and organisational measures that are needed to ensure safety of such data. Your personal data constitute the most valuable resources for the Bank. The Bank has implemented and continues to implement proper technical and organisational measures ensuring protection of personal data processing, in particular protecting the data from being shared with unauthorised persons, captured by an unauthorised person, loss or change, damage or destruction. Furthermore, any information pertaining to the  Client - Bank relationship are covered by the banking secret, in line with which the Bank, persons employed in the Bank and persons through whom the Bank performs banking activities are required to observe banking secrecy, which encompasses any information pertaining to banking operations, procured in the course of negotiations, during conclusion and performance of agreements on the basis of which the bank performs such activities.

The Bank's employees participate in trainings on safety of protected information, including within the scope of protection of personal data and banking secret.

A Data Protection Officer was appointed in the Bank. You can contact the Data Protection Officer by writing to the following address: Powszechna Kasa Oszczędności Bank Polski Spółka Akcyjna, Data Protection Officer, Security Department, ul. Puławska 15, 02-515 Warsaw, e-mail address: iod@pkobp.pl.

The data may be shared with entities and bodies with which the Bank is required to share the personal data based on the generally applicable legal provisions, including entities and bodies authorised to receive personal data from the Bank or authorised to demand access to the personal data based on commonly applicable legal provisions, in particular Art. 104(2) and Art. 105(1) and (2) of the Banking Law, institutions referred to in Art. 105(4) of the Banking Law.

The institution functioning pursuant to Art. 105(4) of the Banking Law is, among others, Biuro Informacji Kredytowej S.A. (BIK) – Download the information clause prepared by the Institution pertaining to the processing of personal data in the BIK.

A third country is understood as a country that does not belong to the European Economic Area. This means that the flow of data within the European Economic Area is treated in the same way as transfer of data within the territory of Poland. This principle refers to all member states of the European Union and these member states of the European Economic Area which are not the EU members (Norway, Iceland and Lichtenstein).

Your data may be transferred to the governmental administration of the United States of America in relation to performance of international money transfers with the use of SWIFT. With the use of SWIFT transfer, we process transactions in every currency and to every bank in the world.

Your personal data shall be processed for purposes resulting from the generally applicable legal provisions, also after the termination of the contract between you and the Bank. 

Obligations and rights related to the processing of data for archival purposes, as well as establishment and seeking of claims by the Bank in relation to the conducted business, including restructuring, debt collection, enforcement of receivables, taking actions aimed at finding buyers for property that forms security for a contract or sale of receivables resulting from such contract or defence from claims lodged against the Bank, before law enforcement bodies, adjudicating bodies, including common courts, administrative courts, the Supreme Court, in administrative proceedings, including tax proceedings.

Banking Law of 29 August 1997, Polish Journal of Laws [Dz. U.] of 2020, item 1896).

Civil Code Act of 23 April 1964, Polish Journal of Laws [Dz. U.] of 2020, item 1740).

Accounting Act of 29 September 1994, (Polish Journal of Laws [Dz.U.] of 2019, item 351, as amended).

Act on investment funds and management of alternative investment funds of 27 May 2004 (Polish Journal of Laws [Dz.U.] of 2020, No. item 95 as amended).

Act on payment services of 19 August 2011, Polish Journal of Laws [Dz.U.] of 2020, No. item 794 as amended).

Act on counteracting money laundering and terrorism financing of 16 November 2000 (Polish Journal of Laws [Dz.U.] of 2020, No. item 971 as amended).

Regulation of the Minister of Finance on detailed accounting principles of banks of 1 October 2010 (Polish Journal of Laws [Dz.U.] of 2019, item 957).

Regulation of the Minister of Finance on the mode and terms of conduct of investment companies, banks, referred to in Art. 70(2) of the Act on trading in financial instruments and trust banks of 30 May 2018 (i.e. Polish Journal of Laws [Dz.U.] of 2018, item 1112).

Regulation of the Minister of Development and Finance on the detailed technical and organisational terms for investment companies, banks, referred to in Art. 70(2) of the Act on trading in financial instruments and trust banks of 25 April 2017 (Polish Journal of Laws of 2018, No. item 1111).

The Capital Group of PKO Bank Polski S.A. includes the Bank as the dominant entity and direct and indirect subsidiaries. However, your personal data are transferred only to selected Companies from the Capital Group of PKO Bank Polski S.A.

PKO Leasing S.A., PKO Faktoring S.A. are companies from the Capital Group of the Bank with which the Bank exchanges data. The data may be exchanged exclusively on the basis of the Client's consent submitted on the basis of a proper declaration containing the purpose and the scope of the provided information.

PKO Bank Hipoteczny specialises in mortgage loans for individual clients.  Based on the strategic cooperation with the Bank such loans are offered to retail clients in Poland via a network of branches and agents.

PKO Życie Towarzystwo Ubezpieczeń S.A. offers a broad range of security and saving products, and life and endowment insurance policies. 

PKO Towarzystwo Ubezpieczeń SA together with PKO Życie Towarzystwo Ubezpieczeń S.A. operates under the joint brand of PKO Ubezpieczenia. Towarzystwo specialises in the area of property and other personal insurance, offering solutions that are closely related to the banking products available in the Bank’s offer. The Company’s offer features insurance for cash loans, mortgage loans or credit cards.

PKO BP Finat Sp. z o.o. offers comprehensive services to companies from the financial sector, including transfer agent services, fund and corporate accounting.

Information about entities cooperating with the Bank in relation to the products and services offered by such entities can be found here. 

Document Identification and Monitoring System (DIMS): a solution supporting verification of authenticity of identity documents, using white, infra-red and ultraviolet light for correcting document securities, and thus limiting the risk that a document holder is using a non-authentic document.

Monitoring

Video monitoring: known as CCTV, means a system for transmission and recording of image from cameras installed in specific locations, in a closed-circuit receiver system. The purpose of video monitoring is ensuring safety of area and premises covered by the television camera supervision by recording the image from the field of view of cameras. It allows for identification of events and persons within the range of view of the camera, if apart from the image, also other personal data of such person are held. The Bank uses the recorded image from monitoring cameras also as subsidiary material during the processing of complaints, for determination and seeking of claims by the Bank in relation to the conducted business, to defend against claims lodged against the Bank, or to detect and limit financial abuse related to the Bank's operation, as well as to ensure safety of storage of the funds of the Bank’s clients. Provision of recordings is possible only to authorised entities in relation to the criminal and administrative proceedings conducted by them. Information About Data Processing in Relation to Monitoring