Privacy Policy

Personal data protection

Information memorandum of personal data protection

The objective of this Information Memorandum of Personal Data Protection is to provide information related to processing of personal data pursuant to provisions of the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and repealing Directive 95/46/EC.

In this Information Memorandum of Personal Data Protection you will find information about the purposes we process your personal data for, whom they may be provided to, what your rights are, as well as information where you can contact us in case you have a question related with processing of your personal data.

With regard to this we recommend you to get to know the information contained herein. Any changes related to processing of your personal data will be provided in form of an update of this document published on our websites and available at Tatra banka and Raiffeisen banka branches.

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Data subject - Natural person whose personal data are processed. It is a person who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

Client - Person with whom Tatra banka, in performing its banking activities, entered into transaction, where a bank transaction means formation, change or termination of contractual relationships between the client and Tatra banka. The Clients also means a person with whom Tatra banka discussed an execution of transaction, although this transaction was not executed , the person who ceased to be a client of Tatra banka, a person providing security and the representative of a client who concluded a banking transaction on behalf of the client or negotiated such conclusion. For the purposes of this document, the Client is also a beneficiary defined by AML Act.

Processing - Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Anti Money Laundering - Prevention of legalization of proceeds from criminal activity and financing of terrorism.

Client processing purpose - Personal data processed by Tatra banka for the following purpose:
Provision of banking services, financial and related services, identification of Tatra banka clients and identification of Tatra banka contract partners* (*Contract partner is an entity Tatra banka cooperates with at receiving payment means in the extent in which it could not be considered as the Client under other circumstances).

Marketing processing purpose - Personal data processed by Tatra banka for the following purpose:
Informing about products, innovations and services provided by Tatra banka in connection with obtaining benefits from Tatra banka.

Controller - Any person who, alone or together with other parties, determines the purposes and means of personal data processing and processes personal data on their behalf. For purposes hereof the controller is Tatra banka.

Processor - Any person who processes personal data on behalf of the controller on basis of authorisation
in compliance with Article 28 GDPR.

Act on Banks Act
No. 483/2001 Coll. on Banks.

AML Act
No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing on Amendments and supplements to Certain Acts as amended.

Act on Securities
Act No. 566/2001 Coll. on Securities and Investment Services

Act on Collective Investment
Act No. 203/2011 Coll. on Collective Investment

Act on Payment Services
Act No. 492/2009 Coll. on Payment Services

Act on Financial Intermediation and Financial Counselling
Act No. 186/2009 Coll. Financial Intermediation and Financial Counselling

Act  on Accounting
Act No. 431/2002 Coll. on Accounting


Basic Terms

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.


Data subject - Natural person whose personal data are processed. It is a person who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.


Client - Person with whom Tatra banka, in performing its banking activities, entered into transaction, where a bank transaction means formation, change or termination of contractual relationships between the client and Tatra banka. The Clients also means a person with whom Tatra banka discussed an execution of transaction, although this transaction was not executed , the person who ceased to be a client of Tatra banka, a person providing security and the representative of a client who concluded a banking transaction on behalf of the client or negotiated such conclusion. For the purposes of this document, the Client is also a beneficiary defined by AML Act.


Processing - Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.


Anti Money Laundering - Prevention of legalization of proceeds from criminal activity and financing of terrorism.


Client processing purpose - Personal data processed by Tatra banka for the following purpose:
Provision of banking services, financial and related services, identification of Tatra banka clients and identification of Tatra banka contract partners* (*Contract partner is an entity Tatra banka cooperates with at receiving payment means in the extent in which it could not be considered as the Client under other circumstances).


Marketing processing purpose - Personal data processed by Tatra banka for the following purpose:
Informing about products, innovations and services provided by Tatra banka in connection with obtaining benefits from Tatra banka.


Controller - Any person who, alone or together with other parties, determines the purposes and means of personal data processing and processes personal data on their behalf. For purposes hereof the controller is Tatra banka.


Processor - Any person who processes personal data on behalf of the controller on basis of authorisation
in compliance with Article 28 GDPR.


Act on Banks Act
No. 483/2001 Coll. on Banks.


AML Act
No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing on Amendments and supplements to Certain Acts as amended.


Act on Securities
Act No. 566/2001 Coll. on Securities and Investment Services


Act on Collective Investment
Act No. 203/2011 Coll. on Collective Investment


Act on Payment Services
Act No. 492/2009 Coll. on Payment Services


Act on Financial Intermediation and Financial Counselling
Act No. 186/2009 Coll. Financial Intermediation and Financial Counselling


Act  on Accounting
Act No. 431/2002 Coll. on Accounting


Who can we provide your personal data to?

Tatra banka shall not provide your personal data to other entities, except for the cases in which you have granted your consent or written instruction to Tatra banka for such provision of data or if other legal ground for provision of your personal data to other entities exists, for instance in case of performance of the legal obligation of Tatra banka as the controller. Provision of your personal data to other entities in terms of performance of the legal obligation can be executed in the environment of Tatra banka only in cases set under the Act on Banks. In accordance with the Act on Banks, Tatra banka is obligated to provide personal data of its client without client's consent to the National Bank of Slovakia, to persons authorised to perform banking supervision including the invited persons and persons specified in § 6 par. 7 and § 49 par. 2 Act on Banks, resolution board for purposes of its function pursuant to the Act on Banks or a separate regulation, to auditors for the activities specified in the Act on Banks or separate act and to the Deposit Protection Fund for meeting the tasks pursuant to the separate
regulation.


Tatra banka is also obligated to provide your personal data if they are requested by an authority pursuant to § 91 par. 4 Act on Banks (and that for instance court, notary, investigative, prosecuting and adjudicating bodies, executor, criminal police services, etc.).


Tatra banka may also provide personal data to other entities without your consent in terms of meeting the legal duties:

  • in the area of providing and securing payment services pursuant to the Act on Payment Services,
  • in the area of protection against legalisation of incomes from criminal activities and financing of terrorism pursuant to the AML Act,
  • in connection with reporting to the law enforcement authorities about suspicion that a crime is being prepared, being committed or was committed,
  • in connection with the reporting duty to the respective authority of the Slovak Republic for the purpose of automatic exchange of information about financial accounts for purposes of tax administration pursuant to a separate regulation (FATCA, CRS),
  • in connection with consideration of the ability to repay a consumer loan pursuant to the Act No. 129/2010 on Consumer Loans and Other Credits and Loans for Consumers and on amendments to certain laws as amended,
  • in connection with meeting the reporting duty towards the National Security Authority in the field of cybersecurity pursuant to the Act No. 69/2018 Coll. on Cybersecurity,
  • in connection with providing data to the central register of accounts and fulfilment of obligations pursuant to the Act No. 123/2022 Coll. on Central Register of Accounts.

Tatra banka shall not provide your personal data to other entities, except for the cases in which you have granted your consent or written instruction to Tatra banka for such provision of data or if other legal ground for provision of your personal data to other entities exists, for instance in case of performance of the legal obligation of Tatra banka as the controller. Provision of your personal data to other entities in terms of performance of the legal obligation can be executed in the environment of Tatra banka only in cases set under the Act on Banks. In accordance with the Act on Banks, Tatra banka is obligated to provide personal data of its client without client's consent to the National Bank of Slovakia, to persons authorised to perform banking supervision including the invited persons and persons specified in § 6 par. 7 and § 49 par. 2 Act on Banks, resolution board for purposes of its function pursuant to the Act on Banks or a separate regulation, to auditors for the activities specified in the Act on Banks or separate act and to the Deposit Protection Fund for meeting the tasks pursuant to the separate
regulation.

Tatra banka is also obligated to provide your personal data if they are requested by an authority pursuant to § 91 par. 4 Act on Banks (and that for instance court, notary, investigative, prosecuting and adjudicating bodies, executor, criminal police services, etc.).

Tatra banka may also provide personal data to other entities without your consent in terms of meeting the legal duties:

  • in the area of providing and securing payment services pursuant to the Act on Payment Services,
  • in the area of protection against legalisation of incomes from criminal activities and financing of terrorism pursuant to the AML Act,
  • in connection with reporting to the law enforcement authorities about suspicion that a crime is being prepared, being committed or was committed,
  • in connection with the reporting duty to the respective authority of the Slovak Republic for the purpose of automatic exchange of information about financial accounts for purposes of tax administration pursuant to a separate regulation (FATCA, CRS),
  • in connection with consideration of the ability to repay a consumer loan pursuant to the Act No. 129/2010 on Consumer Loans and Other Credits and Loans for Consumers and on amendments to certain laws as amended,
  • in connection with meeting the reporting duty towards the National Security Authority in the field of cybersecurity pursuant to the Act No. 69/2018 Coll. on Cybersecurity,
  • in connection with providing data to the central register of accounts and fulfilment of obligations pursuant to the Act No. 123/2022 Coll. on Central Register of Accounts.

Also please note that Tatra banka and entities from the Raiffeisen Group have legitimate interest in mutual sharing of personal data processed within the Client processing purpose which can lead also to cross-border transfer of data, and that in terms of:

  • protection against legalisation of incomes from criminal activities and financing of terrorism,
  • meeting the duties connected with the execution of banking activities at the level of the Raiffeisen Group,
  • in connection with consideration of financial standing and credibility of clients.

Tatra banka is authorised, in compliance with provisions of the Act on Banks, to maintain its register of clients who do not meet their obligations ensuing from the contract relationships with Tatra banka duly and on time, Clients who have committed action considered by the Tatra banka as unusual business transaction under the AML Act and Clients the international sanctions according to a separate regulation relate to, and also to provide, yet without consent of the Client, information from the register to other banks and branches of foreign banks. 

Tatra banka and its subsidiaries act as a set of entities subject to supervision on a consolidated basis and fulfill selected legal obligations jointly and in cooperation with each other.

In connection with the above, we inform you that Tatra banka, as well as Tatra banka's subsidiaries, have a legitimate interest in the consistency of the data of clients who are clients of Tatra banka and at the same time clients of Tatra banka's subsidiaries, as well as in keeping the processed personal data up-to-date, therefore Tatra the bank as an operator, which is authorized on the basis of §93a par. 9 of the Banking Act, even without the consent of the persons concerned, to obtain data recorded in the register of natural persons and data kept in the register of identity cards, may provide such current personal data for the purpose of updating already processed personal data to other subsidiaries of Tatra banka.

Tatra banka's subsidiaries for this purpose are mostly:

  • Supplementary pension company Tatra banka, a. s., with registered office at Hodžovo námestie 3, 811 06 Bratislava, ID number: 36291111,
  • Tatra Asset Management, admin. spol. a. s., with registered office at Hodžovo námestie 3, 811 06 Bratislava, ID number: 35742968,

In connection with mutual sharing on legal grounds, which is the legitimate interest of Tatra banka, the affected person can object against such processing in compliance with Article 21 par. 1 GDPR. Further information about your rights as the affected person, including the right of objection are available in Clause 13 Information Memorandum of Personal Data Protection. 

As part of the provision of selected banking services, Tatra banka cooperates with selected third parties, such mutual relationship being defined as a relationship between two individual controllers. These are cases where such cooperation is necessary for the provision of both the bank’s services as well as the services of the third party. Such third parties are, for example:

  • APPLE DISTRIBUTION INTERNATIONAL in providing the Apple Pay service
  • Diagnose.me, a.s. in operating the website www.diagnose.me

Tatra banka does not publish your personal data.

Processors

Tatra banka may process your personal data in certain cases also by means of its processors. Processor is an entity authorised by Tatra banka to process personal data in compliance with the Article 28 GDPR. Authorisation for processing of your personal data by an processor does not require your consent or other legal ground such as in case of provision of data to other controllers. In such case the processor processes your personal data on behalf of Tatra banka as the controller.

Processing of personal data by means of an processor has no negative impact on performance and application of your rights as the data subject determined in Chapter III GDPR while the client can apply the respective rights with Tatra banka as the controller also directly with the particular processor which processes your personal data.

Tatra banka wants to assure you that it only uses the processors providing appropriate technical, organisational and other measures so that processing meets the GDPR requirements and protection of rights of the data subject is provided in full extent.

Tatra banka uses the following categories of processors at processing of your personal data:

  • companies which provide or execute financial and related services,
  • companies which provide payment services and monitoring of payment services,
  • companies which execute customer satisfaction surveys,
  • companies which provide marketing activities,
  • companies which provide print services and services of mass correspondence,
  • companies which execute maintenance of registry records pursuant to separate regulations,
  • companies which provide administrative services connected with delivery of petitions at the cadastral division of the respective district authorities and execution of other activities related with presenting a proposal for entering a record of mortgage in the Land Registry,
  • companies which provide retention activities,
  • companies which provide recovery and maintenance of receivables,
  • companies which provide execution of mortgage by means of public auction,
  • companies which provide protection of the services provided by Tatra banka via the Internet and prevention against cyber-attacks.

Transfer of personal data to third countries

Personal data are not the subject of cross-border transfer to third countries that do not ensure an adequate level of personal data protection except for the cases specified by valid legal regulations or specific situations when the Client must be notified of such transfer in advance.

Processing of personal data using cloud solutions

When processing personal data, cloud solutions or solutions of a similar technical nature are used in many cases. The use of such solutions is, for example, in many cases required as part of the implementation of state-of-the-art software tools, or improves efficiency and cost-effectiveness. Last but not least, such solutions also help maintain the integrity of the processed data and contribute towards the security of processing.

Depending on the type of processing activities, in such processing the providers of cloud or similar services act mainly as processors in accordance with Article 28 of the GDPR. In selecting its partners and in the course of the processing activities, Tatra banka is very careful to avoid any risk of data security breach or any negative impact on the rights of data subjects. Tatra banka also consistently makes sure to select only partners who have demonstrably implemented appropriate technical and organisational measures to ensure the level of security pursuant to point (c) Article 28 par.3 c) and Article 32 of the GDPR, so that the processing is performed in compliance with the valid legal regulations, in particular the GDPR, and to ensure protection of the rights of data subjects.

In such processing, personal data are not transferred to third countries which do not guarantee an adequate level of protection under the GDPR.

Tatra banka shall not provide your personal data to other entities, except for the cases in which you have granted your consent or written instruction to Tatra banka for such provision of data or if other legal ground for provision of your personal data to other entities exists, for instance in case of performance of the legal obligation of Tatra banka as the controller. Provision of your personal data to other entities in terms of performance of the legal obligation can be executed in the environment of Tatra banka only in cases set under the Act on Banks. In accordance with the Act on Banks, Tatra banka is obligated to provide personal data of its client without client's consent to the National Bank of Slovakia, to persons authorised to perform banking supervision including the invited persons and persons specified in § 6 par. 7 and § 49 par. 2 Act on Banks, resolution board for purposes of its function pursuant to the Act on Banks or a separate regulation, to auditors for the activities specified in the Act on Banks or separate act and to the Deposit Protection Fund for meeting the tasks pursuant to the separate
regulation.

Tatra banka is also obligated to provide your personal data if they are requested by an authority pursuant to § 91 par. 4 Act on Banks (and that for instance court, notary, investigative, prosecuting and adjudicating bodies, executor, criminal police services, etc.).

Tatra banka may also provide personal data to other entities without your consent in terms of meeting the legal duties:

  • in the area of providing and securing payment services pursuant to the Act on Payment Services,
  • in the area of protection against legalisation of incomes from criminal activities and financing of terrorism pursuant to the AML Act,
  • in connection with reporting to the law enforcement authorities about suspicion that a crime is being prepared, being committed or was committed,
  • in connection with the reporting duty to the respective authority of the Slovak Republic for the purpose of automatic exchange of information about financial accounts for purposes of tax administration pursuant to a separate regulation (FATCA, CRS),
  • in connection with consideration of the ability to repay a consumer loan pursuant to the Act No. 129/2010 on Consumer Loans and Other Credits and Loans for Consumers and on amendments to certain laws as amended,
  • in connection with meeting the reporting duty towards the National Security Authority in the field of cybersecurity pursuant to the Act No. 69/2018 Coll. on Cybersecurity,
  • in connection with providing data to the central register of accounts and fulfilment of obligations pursuant to the Act No. 123/2022 Coll. on Central Register of Accounts.

Also please note that Tatra banka and entities from the Raiffeisen Group have legitimate interest in mutual sharing of personal data processed within the Client processing purpose which can lead also to cross-border transfer of data, and that in terms of:

  • protection against legalisation of incomes from criminal activities and financing of terrorism,
  • meeting the duties connected with the execution of banking activities at the level of the Raiffeisen Group,
  • in connection with consideration of financial standing and credibility of clients.

Tatra banka is authorised, in compliance with provisions of the Act on Banks, to maintain its register of clients who do not meet their obligations ensuing from the contract relationships with Tatra banka duly and on time, Clients who have committed action considered by the Tatra banka as unusual business transaction under the AML Act and Clients the international sanctions according to a separate regulation relate to, and also to provide, yet without consent of the Client, information from the register to other banks and branches of foreign banks. 

Tatra banka and its subsidiaries act as a set of entities subject to supervision on a consolidated basis and fulfill selected legal obligations jointly and in cooperation with each other.

In connection with the above, we inform you that Tatra banka, as well as Tatra banka's subsidiaries, have a legitimate interest in the consistency of the data of clients who are clients of Tatra banka and at the same time clients of Tatra banka's subsidiaries, as well as in keeping the processed personal data up-to-date, therefore Tatra the bank as an operator, which is authorized on the basis of §93a par. 9 of the Banking Act, even without the consent of the persons concerned, to obtain data recorded in the register of natural persons and data kept in the register of identity cards, may provide such current personal data for the purpose of updating already processed personal data to other subsidiaries of Tatra banka.

Tatra banka's subsidiaries for this purpose are mostly:

  • Supplementary pension company Tatra banka, a. s., with registered office at Hodžovo námestie 3, 811 06 Bratislava, ID number: 36291111,
  • Tatra Asset Management, admin. spol. a. s., with registered office at Hodžovo námestie 3, 811 06 Bratislava, ID number: 35742968,

In connection with mutual sharing on legal grounds, which is the legitimate interest of Tatra banka, the affected person can object against such processing in compliance with Article 21 par. 1 GDPR. Further information about your rights as the affected person, including the right of objection are available in Clause 13 Information Memorandum of Personal Data Protection. 

As part of the provision of selected banking services, Tatra banka cooperates with selected third parties, such mutual relationship being defined as a relationship between two individual controllers. These are cases where such cooperation is necessary for the provision of both the bank’s services as well as the services of the third party. Such third parties are, for example:

  • APPLE DISTRIBUTION INTERNATIONAL in providing the Apple Pay service
  • Diagnose.me, a.s. in operating the website www.diagnose.me

Tatra banka does not publish your personal data.

Processors

Tatra banka may process your personal data in certain cases also by means of its processors. Processor is an entity authorised by Tatra banka to process personal data in compliance with the Article 28 GDPR. Authorisation for processing of your personal data by an processor does not require your consent or other legal ground such as in case of provision of data to other controllers. In such case the processor processes your personal data on behalf of Tatra banka as the controller.

Processing of personal data by means of an processor has no negative impact on performance and application of your rights as the data subject determined in Chapter III GDPR while the client can apply the respective rights with Tatra banka as the controller also directly with the particular processor which processes your personal data.

Tatra banka wants to assure you that it only uses the processors providing appropriate technical, organisational and other measures so that processing meets the GDPR requirements and protection of rights of the data subject is provided in full extent.

Tatra banka uses the following categories of processors at processing of your personal data:

  • companies which provide or execute financial and related services,
  • companies which provide payment services and monitoring of payment services,
  • companies which execute customer satisfaction surveys,
  • companies which provide marketing activities,
  • companies which provide print services and services of mass correspondence,
  • companies which execute maintenance of registry records pursuant to separate regulations,
  • companies which provide administrative services connected with delivery of petitions at the cadastral division of the respective district authorities and execution of other activities related with presenting a proposal for entering a record of mortgage in the Land Registry,
  • companies which provide retention activities,
  • companies which provide recovery and maintenance of receivables,
  • companies which provide execution of mortgage by means of public auction,
  • companies which provide protection of the services provided by Tatra banka via the Internet and prevention against cyber-attacks.

Transfer of personal data to third countries

Personal data are not the subject of cross-border transfer to third countries that do not ensure an adequate level of personal data protection except for the cases specified by valid legal regulations or specific situations when the Client must be notified of such transfer in advance.

Processing of personal data using cloud solutions

When processing personal data, cloud solutions or solutions of a similar technical nature are used in many cases. The use of such solutions is, for example, in many cases required as part of the implementation of state-of-the-art software tools, or improves efficiency and cost-effectiveness. Last but not least, such solutions also help maintain the integrity of the processed data and contribute towards the security of processing.

Depending on the type of processing activities, in such processing the providers of cloud or similar services act mainly as processors in accordance with Article 28 of the GDPR. In selecting its partners and in the course of the processing activities, Tatra banka is very careful to avoid any risk of data security breach or any negative impact on the rights of data subjects. Tatra banka also consistently makes sure to select only partners who have demonstrably implemented appropriate technical and organisational measures to ensure the level of security pursuant to point (c) Article 28 par.3 c) and Article 32 of the GDPR, so that the processing is performed in compliance with the valid legal regulations, in particular the GDPR, and to ensure protection of the rights of data subjects.

In such processing, personal data are not transferred to third countries which do not guarantee an adequate level of protection under the GDPR.

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Data subject - Natural person whose personal data are processed. It is a person who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

Client - Person with whom Tatra banka, in performing its banking activities, entered into transaction, where a bank transaction means formation, change or termination of contractual relationships between the client and Tatra banka. The Clients also means a person with whom Tatra banka discussed an execution of transaction, although this transaction was not executed , the person who ceased to be a client of Tatra banka, a person providing security and the representative of a client who concluded a banking transaction on behalf of the client or negotiated such conclusion. For the purposes of this document, the Client is also a beneficiary defined by AML Act.

Processing - Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Anti Money Laundering - Prevention of legalization of proceeds from criminal activity and financing of terrorism.

Client processing purpose - Personal data processed by Tatra banka for the following purpose:
Provision of banking services, financial and related services, identification of Tatra banka clients and identification of Tatra banka contract partners* (*Contract partner is an entity Tatra banka cooperates with at receiving payment means in the extent in which it could not be considered as the Client under other circumstances).

Marketing processing purpose - Personal data processed by Tatra banka for the following purpose:
Informing about products, innovations and services provided by Tatra banka in connection with obtaining benefits from Tatra banka.

Controller - Any person who, alone or together with other parties, determines the purposes and means of personal data processing and processes personal data on their behalf. For purposes hereof the controller is Tatra banka.

Processor - Any person who processes personal data on behalf of the controller on basis of authorisation
in compliance with Article 28 GDPR.

Act on Banks Act
No. 483/2001 Coll. on Banks.

AML Act
No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing on Amendments and supplements to Certain Acts as amended.

Act on Securities
Act No. 566/2001 Coll. on Securities and Investment Services

Act on Collective Investment
Act No. 203/2011 Coll. on Collective Investment

Act on Payment Services
Act No. 492/2009 Coll. on Payment Services

Act on Financial Intermediation and Financial Counselling
Act No. 186/2009 Coll. Financial Intermediation and Financial Counselling

Act  on Accounting
Act No. 431/2002 Coll. on Accounting


GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Data subject - Natural person whose personal data are processed. It is a person who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

Client - Person with whom Tatra banka, in performing its banking activities, entered into transaction, where a bank transaction means formation, change or termination of contractual relationships between the client and Tatra banka. The Clients also means a person with whom Tatra banka discussed an execution of transaction, although this transaction was not executed , the person who ceased to be a client of Tatra banka, a person providing security and the representative of a client who concluded a banking transaction on behalf of the client or negotiated such conclusion. For the purposes of this document, the Client is also a beneficiary defined by AML Act.

Processing - Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Anti Money Laundering - Prevention of legalization of proceeds from criminal activity and financing of terrorism.

Client processing purpose - Personal data processed by Tatra banka for the following purpose:
Provision of banking services, financial and related services, identification of Tatra banka clients and identification of Tatra banka contract partners* (*Contract partner is an entity Tatra banka cooperates with at receiving payment means in the extent in which it could not be considered as the Client under other circumstances).

Marketing processing purpose - Personal data processed by Tatra banka for the following purpose:
Informing about products, innovations and services provided by Tatra banka in connection with obtaining benefits from Tatra banka.

Controller - Any person who, alone or together with other parties, determines the purposes and means of personal data processing and processes personal data on their behalf. For purposes hereof the controller is Tatra banka.

Processor - Any person who processes personal data on behalf of the controller on basis of authorisation
in compliance with Article 28 GDPR.

Act on Banks Act
No. 483/2001 Coll. on Banks.

AML Act
No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing on Amendments and supplements to Certain Acts as amended.

Act on Securities
Act No. 566/2001 Coll. on Securities and Investment Services

Act on Collective Investment
Act No. 203/2011 Coll. on Collective Investment

Act on Payment Services
Act No. 492/2009 Coll. on Payment Services

Act on Financial Intermediation and Financial Counselling
Act No. 186/2009 Coll. Financial Intermediation and Financial Counselling

Act  on Accounting
Act No. 431/2002 Coll. on Accounting

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Data subject - Natural person whose personal data are processed. It is a person who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

Client - Person with whom Tatra banka, in performing its banking activities, entered into transaction, where a bank transaction means formation, change or termination of contractual relationships between the client and Tatra banka. The Clients also means a person with whom Tatra banka discussed an execution of transaction, although this transaction was not executed , the person who ceased to be a client of Tatra banka, a person providing security and the representative of a client who concluded a banking transaction on behalf of the client or negotiated such conclusion. For the purposes of this document, the Client is also a beneficiary defined by AML Act.

Processing - Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Anti Money Laundering - Prevention of legalization of proceeds from criminal activity and financing of terrorism.

Client processing purpose - Personal data processed by Tatra banka for the following purpose:
Provision of banking services, financial and related services, identification of Tatra banka clients and identification of Tatra banka contract partners* (*Contract partner is an entity Tatra banka cooperates with at receiving payment means in the extent in which it could not be considered as the Client under other circumstances).

Marketing processing purpose - Personal data processed by Tatra banka for the following purpose:
Informing about products, innovations and services provided by Tatra banka in connection with obtaining benefits from Tatra banka.

Controller - Any person who, alone or together with other parties, determines the purposes and means of personal data processing and processes personal data on their behalf. For purposes hereof the controller is Tatra banka.

Processor - Any person who processes personal data on behalf of the controller on basis of authorisation
in compliance with Article 28 GDPR.

Act on Banks Act
No. 483/2001 Coll. on Banks.

AML Act
No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing on Amendments and supplements to Certain Acts as amended.

Act on Securities
Act No. 566/2001 Coll. on Securities and Investment Services

Act on Collective Investment
Act No. 203/2011 Coll. on Collective Investment

Act on Payment Services
Act No. 492/2009 Coll. on Payment Services

Act on Financial Intermediation and Financial Counselling
Act No. 186/2009 Coll. Financial Intermediation and Financial Counselling

Act  on Accounting
Act No. 431/2002 Coll. on Accounting

GDPR - Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC.

Data subject - Natural person whose personal data are processed. It is a person who can be identified directly or indirectly, especially with reference to the identifier such as name, identification number, online identifier or one or several elements specific for physical, physiological, genetic, mental, economic, cultural or social identify of this natural person.

Client - Person with whom Tatra banka, in performing its banking activities, entered into transaction, where a bank transaction means formation, change or termination of contractual relationships between the client and Tatra banka. The Clients also means a person with whom Tatra banka discussed an execution of transaction, although this transaction was not executed , the person who ceased to be a client of Tatra banka, a person providing security and the representative of a client who concluded a banking transaction on behalf of the client or negotiated such conclusion. For the purposes of this document, the Client is also a beneficiary defined by AML Act.

Processing - Any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by
transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Anti Money Laundering - Prevention of legalization of proceeds from criminal activity and financing of terrorism.

Client processing purpose - Personal data processed by Tatra banka for the following purpose:
Provision of banking services, financial and related services, identification of Tatra banka clients and identification of Tatra banka contract partners* (*Contract partner is an entity Tatra banka cooperates with at receiving payment means in the extent in which it could not be considered as the Client under other circumstances).

Marketing processing purpose - Personal data processed by Tatra banka for the following purpose:
Informing about products, innovations and services provided by Tatra banka in connection with obtaining benefits from Tatra banka.

Controller - Any person who, alone or together with other parties, determines the purposes and means of personal data processing and processes personal data on their behalf. For purposes hereof the controller is Tatra banka.

Processor - Any person who processes personal data on behalf of the controller on basis of authorisation
in compliance with Article 28 GDPR.

Act on Banks Act
No. 483/2001 Coll. on Banks.

AML Act
No. 297/2008 Coll. on the Prevention of Legalization of Proceeds of Criminal Activity and Terrorist Financing on Amendments and supplements to Certain Acts as amended.

Act on Securities
Act No. 566/2001 Coll. on Securities and Investment Services

Act on Collective Investment
Act No. 203/2011 Coll. on Collective Investment

Act on Payment Services
Act No. 492/2009 Coll. on Payment Services

Act on Financial Intermediation and Financial Counselling
Act No. 186/2009 Coll. Financial Intermediation and Financial Counselling

Act  on Accounting
Act No. 431/2002 Coll. on Accounting