Who is the personal data operator?
BANCA TRANSILVANIA S.A. (hereinafter "the bank" or "BT"), a credit institution and Romanian legal entity, with identification and contact details presented in section III of the General information note concerning the processing and protection of personal data belonging to BT Clients, offers its individual clients the possibility to obtain a BT credit card or increase the credit line associated with a BT credit card, exclusively online.
In the general note indicated above, which is an integral part of the BT Privacy Policy on Banca Transilvania's website and is also available separately in the Privacy Hub section of this site, you can find detailed information about the rights you have regarding the processing of your personal data, about the ways you can exercise them, and about how you can contact the data protection officer appointed by BT (DPO BT).
If you want to apply for obtaining or, as the case may be, for increasing the credit line related to an exclusively online BT credit card, we will process your personal data for multiple purposes and on multiple legal grounds, either alone, as the sole operator of the data, or, as the case may be, together with other operators associated with us.
In this information note, when we refer to the processing of personal data for applying for/obtaining/contracting a BT credit card, the information also applies to the processing of data carried out when you request an increase of the credit line related to a BT credit card you have previously obtained (regardless of whether you contracted it at a BT branch or online).
Also, when we refer to the processing of personal data for the conclusion and execution of the credit card contract, the information is also valid for the processing of personal data for the conclusion/execution of an addendum to the credit contract. This addendum will be concluded between you and the bank if your credit line increase related to a card previously obtained by you is approved (regardless of whether you contracted it at a BT branch or online).
On what grounds do we process data and what happens if you refuse to have them processed?
Personal data processing carried out by BT in the context of applying for and, if applicable, contracting an exclusively online credit card is based on the following grounds:
- the legal obligations to which BT is subject through various normative acts,
- conclusion/execution of the credit card contract or going through the necessary steps for its conclusion,
- our legitimate interest and/or that of third parties (e.g. the interest in preventing fraud, the legitimate interest in consulting your situation in the records of Credit Bureau SA for assessing your creditworthiness, or the legitimate interest in contacting you to resolve situations that may arise when applying for obtaining/increasing the credit line related to the card),
- your consent, such as for consulting your income in the ANAF database or for verifying your identity and your status as a BT client based on biometric data.
When the law requires us to carry out certain personal data processing, or when such processing is necessary for concluding the credit card contract, and you refuse it, BT will not be able to analyze your request or, as the case may be, you will not be able to contract the BT card.
For processing based on the legitimate interest of BT or third parties, refusing to have your data processed may make it impossible for you to submit or for us to analyze your request or obtain the BT credit card.
If the processing of personal data is based on your consent (e.g. querying income at ANAF, processing biometric data), we will request this agreement at the appropriate time in the online flow, so that the entire process is as transparent as possible towards you. If you refuse to grant us this consent, you cannot obtain the credit card exclusively online, but you have the possibility to apply at a BT unit.
For what purposes do we process personal data, what data are they, for how long do we keep them, and to whom can we disclose them?
Below we present separately the purposes for which we intend to process personal data so that you can apply for and, if applicable, contract a BT credit card exclusively online.
Depending on the purpose of the processing, you will be presented with information about the storage period of your data, the categories of data recipients, the existence of automated decision-making processes, as well as the rights you have regarding the processing of your data.
A. Personal data processed for identity verification, in order to prevent fraud, money laundering and terrorism financing, to confirm the status of BT Client, and to contact you for the purpose of providing support or evaluating the quality of this BT service
Legislation applicable to us obliges us to verify the identity of persons with whom we conclude various contracts. Also, we have a legitimate interest in ensuring that we prevent attempts at fraud through identity theft in the online environment.
When a person requests a credit card at a BT unit, their identity is verified based on the original identity document presented. Online, we do not have this possibility, so we will do things a little differently. We have chosen a method that establishes the identity of the BT client who is applying, so that we can prevent possible fraud attempts. This method uses the latest technologies and processes so-called biometric data. However, we will not be able to use this data without your explicit consent. Before you freely decide whether you want to give it, here is what the use of your biometric data entails:
- you will need to photograph your identity card ("ID"), which also contains your image (requires access to the camera);
- the IT solution we use will identify in the ID photo the section that includes your face, select it, and then compare it with the face from the copy of your identity document that is already registered in BT records. The comparison is made biometrically, based on criteria such as: the color, size, and tilt of the eyes, the position and distance between the main elements of the face such as the eyes, eyebrows, lips, and nose. Following the comparison, the IT solution will issue a confidence score, indicating the probability that the face in the two images belongs to the same person.
If you do not wish your biometric data (facial identification) to be processed, you can apply for a credit card at any BT branch, where your identity will be verified without using such data.
Also, in case the facial identification tool issues an unsatisfactory confidence score, you will be able to resume the application process at a BT unit.
We will automatically capture the data from the photographed ID card (through optical character recognition), which we will compare with the corresponding data from the copy of your identity document already registered in our records.
If they match, you can proceed further on the flow. Otherwise, you will first need to update your data in BT records.
The data taken from the identity card will also be used for the credit card application that you fill out online.
We will also request your contact details - phone number and email address - which we will verify, to be sure they belong to you, as they are very important in the electronic signing process of the documentation for obtaining the BT online credit card. If we notice that you have not completed the application flow, we will be able to use these contact details to see if you need support to complete the application, but also to find out your opinion about the flow in BT Pay for obtaining an online credit card / increasing the credit line related to a previously obtained card.
B. Personal data processed for loan application analysis, including automated decision-making processes based on profiling
To analyze the application through which you apply for a BT card exclusively online, we process information concerning you both in our internal records and in the records of the Credit Bureau, where we check your situation. All information related to this processing can be found in points I and II below.
Because it is essential to provide you with a quick response to your online credit card application, we will make the decision to grant the credit or, as the case may be, to reject this application based solely on the automated processing of data, a decision about which you will find details below, in section II (5).
1. Identification data of operators
Banca Transilvania S.A. and Credit Bureau S.A., a Romanian legal entity with headquarters in Bucharest, Sfânta Vineri street, no. 29, 4th floor, sector 3, as associated operators, process your personal data in good faith, fairly and transparently, for specific and legitimate purposes, in accordance with the provisions of Regulation (EU) no. 679 of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (the Regulation).
Credit Bureau SA is the private law entity that manages the Credit Bureau System, in which personal data related to lending activities carried out by Participants is processed.
Participants in the Credit Bureau System are credit institutions, non-bank financial institutions, insurance companies, and debt collection companies, which have signed a Participation Agreement with the Credit Bureau.
2. The legal basis and purpose of processing
Banca Transilvania S.A. and the Credit Bureau process your personal data based on the legitimate interest of the Participants and the Credit Bureau for conducting responsible credit activities, under the conditions of protecting, facilitating access to credit, and preventing the excessive indebtedness of the data subjects, complying with the legal framework regarding creditworthiness assessment and risk reduction, as well as preventing the use of the financial-banking system for carrying out activities contrary to the law.
Banca Transilvania S.A. has the obligation, according to the legal regulations in force, to assess your credit repayment capacity before concluding a credit agreement and during its term. For this purpose, Banca Transilvania S.A. processes the information indicated at point (4), registered under your name in its own records, and transmits it to the Credit Bureau for processing by this institution and for consultation by any Participant, for the purpose of initiating or conducting a credit relationship, as well as securing credit-type products.
3. The obligation to provide data and the consequences of non-compliance with it
Providing your personal data is necessary for the purpose mentioned in point (2). Refusal to provide your personal data, necessary for achieving the purpose mentioned above, will lead to the inability of Banca Transilvania S.A. to fulfill its legal obligations in connection with granting the credit.
4. Categories of personal data processed in the Credit Bureau System
- identification data of the data subject: the name, first name, personal numeric code or CUI for authorized natural persons or CIF for natural persons practicing liberal professions or country code and passport series / number for non-resident persons, home/residence address, phone number, date of birth;
- information regarding the employer: employer's address, date of registration of this information, VAT number;
- data related to requested/granted credit type products: the type and name of the Participant, type of product, the state of the product/account, granting date, account duration, amounts granted, amounts owed, update date, currency, payment frequency, amount paid, monthly rate, outstanding amounts, number of days of delay, date of first outstanding payment, delay category, date of last payment;
- data related to events occurring during the term of the credit-type product, such as those related to restructuring/refinancing, payment in kind, assignment of the loan agreement, assignment of the debt;
- data related to relationships with other accounts: information regarding credit-type products for which the data subject has the status of co-debtor and/or guarantor;
- data related to insolvency: information regarding the data subjects against whom an insolvency procedure has been opened;
- number of queries: indicates the number of Credit Reports issued by the Credit Bureau, at the request of one or more Participants.
In the process of analyzing your credit application, Banca Transilvania S.A. will request from the Credit Bureau the issuance of a Credit Report, with or without a FICO® Score, to verify if you meet the debt-to-income ratio established by law and if you have the capacity to repay the credit. To obtain the Credit Report, Banca Transilvania S.A. will transmit to the Credit Bureau your name, surname, and personal numeric code.
After granting the credit, Banca Transilvania S.A. will transmit your personal data provided at points a)-f) to the Credit Bureau. This information is shared with other Participants, within the Credit Bureau System, and is used for the purpose mentioned in point 2.
Your ability to repay debts on maturity can be periodically verified, after granting the loan, including through obtaining Credit Reports or through the use of the Alert Service*.
In the event that, during the term of the granted credit, you delay the payment of installments by more than 30 calendar days from the due date, Banca Transilvania S.A. will transmit to the Credit Bureau information regarding the outstanding amounts, the delay category, the date of the first overdue installment and/or, as the case may be, information regarding the initiation of the payment surrender procedure, only after notifying you at least 15 calendar days in advance, made in writing, by phone, SMS, e-mail or by another electronic communication means.
*The Alert Service is used by Participants to identify and/or reduce credit risk in a timely manner, by generating an alert to a Participant when an event is recorded for their own debtor (account opening/closing, entry/exit from arrears, account correction, registration/deletion of guarantor/co-debtor status, account inquiry, employer name/phone number modification) at another Participant.
5. FICO® Score from the Credit Bureau
Personal data provided at point (4) may be processed by the Credit Bureau, including to calculate, at the request of Participants, the FICO® Score from the Credit Bureau.
Participants can use the FICO® Score from the Credit Bureau in order to reduce the credit risk associated with a debtor/potential debtor.
FICO® Score from the Credit Bureau is a number between 300 and 850, obtained following the statistical process that processes the information registered by Participants in the Credit Bureau System and indicates the probability that the targeted person will pay their installments on time in the future. The main causes that led to the decrease of the FICO® Score from the Credit Bureau are displayed in the form of reason-codes.
FICO® Score from the Credit Bureau takes into account the following elements that provide predictability: payment history, current debt, account(s) duration (average number of months since the credits were granted), new credit requests (number of inquiries and credits granted in the last 6 months), credit mix (types of credits granted), age of the person concerned. The influence of these elements on the value of the FICO® Score from the Credit Bureau may vary depending on the information recorded at the Credit Bureau for each person concerned.
FICO® Score from the Credit Bureau represents a highly predictive analysis tool which, together with the data from the Credit Report and information obtained by Participants from other sources, contributes to the correct evaluation of the creditworthiness of the targeted person for the purpose of concluding/executing the credit agreement.
6. Recipients of the data
The personal data recorded in the Credit Bureau System are disclosed to Participants, upon request, for the purpose mentioned in point (2).
Personal data processed in the Credit Bureau System will not be disclosed to third parties, except authorities and public institutions, according to their competences and applicable legislation, such as the National Authority for the Supervision of Personal Data Processing, the National Bank of Romania, the National Integrity Authority, courts of law, public notaries, judicial executors, criminal investigation bodies.
7. Storage period
Personal data are stored at the Credit Bureau and disclosed to Participants for 4 years from the update date, except for the data of credit applicants who have withdrawn their credit application or to whom the credit was not granted, which are stored and disclosed to Participants for a period of 6 months.
8. Rights of the data subjects regarding the processing of personal data
As a data subject, you can exercise your rights provided by the Regulation as follows:
a) the right of access to data can be exercised:
- by a written, signed request, sent by mail to the Credit Bureau, or
- by securely accessing the Credit Bureau website (www.birouldecredit.ro), or
- in person or electronically, to the Participant who holds the status of creditor/potential creditor of yours.
At the same time, you have the right to obtain, upon request, at the time of communication of the credit decision, a copy of the Credit Report issued by the Credit Bureau, which was used by Banca Transilvania S.A. in the analysis of the credit application.
b) the right to rectify data,
c) the right to erase data,
d) the right to data restriction,
e) the right to object to processing, including the automated individual decision-making process,
can be exercised:
- by securely accessing the Credit Bureau website (www.birouldecredit.ro), or
- in person or electronically, to the Participant who holds the status of creditor/potential creditor of the data subject.
f) the right to address the National Authority for the Supervision of Personal Data Processing and the judiciary.
9. The contact details of the data protection officers are:
- For Banca Transilvania S.A. – e-mail address dpo@btrl.ro
- For the Credit Bureau - e-mail address: rpd@birouldecredit.ro
This is a specific information note regarding the processing of personal data for the purpose of analyzing the credit application addressed to BT. The provisions of this note are supplemented by the General information note concerning the processing and protection of personal data belonging to BT Clients, in which you will find presented in detail all the other purposes for which your data is processed. The general information note is an integral part of the BT Privacy Policy, found on Banca Transilvania's website, and can be obtained on request at any BT unit.
1. Operator's identity
Banca Transilvania S.A. processes your personal data as an operator for the purpose of pre-offering and, where applicable, analyzing the credit application submitted.
2. The legal basis and purpose of processing
In order to pre-offer and, where applicable, to analyze the credit application submitted, in accordance with the need to carry out responsible lending activity, besides processing your personal data in the system of Credit Bureau S.A. - about which you were informed at point I. of this notice - Banca Transilvania S.A. processes such data in its own records, based on the legal obligations it must comply with, the conclusion of the credit agreement, and its legitimate interest.
The bank will process any of the contact data provided within the credit application submitted, for the purpose of notifying the credit applicant in writing regarding the approval/rejection decision, in accordance with the applicable legal provisions. If the applicant wishes to use another form for communicating the decision, they may address the bank with an express request in this regard.
3. The obligation to provide data and the consequences of non-compliance with it
Providing your personal data is necessary for the purpose mentioned in point II.(2). Refusal to provide your personal data, necessary for achieving the purpose mentioned above, will make it impossible for Banca Transilvania S.A. to fulfill its legal obligations regarding the granting of the loan, and the loan application cannot be analyzed.
4. Categories of personal data processed within Banca Transilvania S.A.
Personal data mentioned within this information at point I. (4), II. (5), as well as other categories of such data collected in the fields of the credit application are processed by Banca Transilvania S.A. within the process of analyzing the submitted credit application, both in the Credit Bureau S.A. system and in the bank’s own records, including being verified (name, surname and/or personal identification number) - as applicable - in public databases such as websites - the courts portal, the National Trade Register Office, etc.
5. The existence of an automated decision-making process, including profiling created through the BT scoring application
In order to objectively verify the fulfillment of eligibility conditions for pre-offering and, as the case may be, for analyzing the credit application, BT processes your personal data in its own automatic system ("BT scoring application"), to carry out the necessary steps for concluding the credit contract at your request, as well as on the basis of our legitimate interest in efficiently managing the credit risk.
In the BT scoring application, some of the personal data that we request from you in the credit application/pre-application are entered and automatically processed, together with information resulting from checks carried out in the bank's own records or those of Credit Bureau S.A., such as (by way of example and without limitation), depending on the case: information related to the status as a BT client, income level, professional and personal nature information, the level of monthly payment obligations, payment history on other loans. Following the analysis of all the information and the result of consulting the records of Credit Bureau S.A., the BT scoring application issues a score that establishes a profile of the debtor/potential debtor based on the information presented above, which will be considered in the analysis process and which takes into account the probability of paying the monthly payment obligations.
Based on the score issued by the BT scoring application, which is accompanied by the result of the applicant's situation verification in public databases such as websites - the courts' portal, ONRC, etc. - Banca Transilvania S.A. determines whether the eligibility conditions established by its internal regulations are met and will make the decision to accept or reject the credit application.
We will make the decision to approve/reject the loan application exclusively by automated means because the application is submitted online and it is essential to provide you with a response within a very short time frame. In such situations, making the decision by such means is necessary in order to quickly analyze the application and, if applicable, to conclude the loan agreement. However, you are guaranteed the right to request human intervention, meaning the review of the loan application by a bank employee, to express your point of view and to contest the decision.
6. Recipients of the data
In addition to the recipients mentioned in point I.(6) of this notification, the personal data processed for the purpose indicated in point II. (2) are disclosed, as appropriate, to the following recipients: ANAF (for consulting the database of the Ministry of Public Finance, if you have given your consent in this regard on the dedicated form), Credit Bureau S.A. (to check your status in the records of this institution), insurance companies, evaluators (in the case of loans for which an evaluation of the goods brought as collateral is carried out), FNGCIMM (in the case of Prima Casă, Noua Casă, or Prima Mașină loans), providers of the BT scoring application or other services used by Banca Transilvania S.A. within the process of analyzing the loan application and/or within other processes specific to its object of activity.
7. Storage period
Personal data filled in on the credit application are kept in the records of Banca Transilvania for limited periods established by law (e.g. according to the financial accounting legislation) or set internally.
8. Rights of the data subjects regarding the processing of personal data
To exercise the rights (the right to access data, the right to rectify data, the right to delete data, the right to restrict data, the right to object to processing) provided by the Regulation in connection with the processing of your personal data in the system of Credit Bureau S.A. in relation to Banca Transilvania S.A., you can use any of the methods indicated at point I.(8).
If you choose to exercise these rights at Banca Transilvania S.A. (both for the processing of personal data in the Credit Bureau S.A. system and within Banca Transilvania S.A.), you can address your written request to the address in Cluj-Napoca Municipality, Calea Dorobanților Street, no. 30-36, Cluj County, with the mention "to the attention of the data protection officer (DPO)", or electronically to the e-mail address dpo@btrl.ro. You also have the right to address the National Authority for the Supervision of Personal Data Processing and the judiciary.
Information on group membership
You must know that BT, in its capacity as a credit institution, is subject to legal obligations to establish and analyze its exposure to connected client groups, as part of the credit risk analysis. For this purpose, it is necessary to collect from you, as the credit applicant and, where applicable, from other public or internal sources, information about persons with whom you form the same connected client group.
Your husband/wife is always a person connected with you. If you are married, you will need to provide us with his/her last name, first name, and personal numeric code.
As the reporting entity, BT will report these exposures and the composition of the connected debtor client groups to the BNR Credit Risk Center (only where applicable).
The people in your group can find information about the processing of their data in section C point 3 of the BT Privacy Policy, found on Banca Transilvania's website.
These data are necessary for BT in order to proceed with the analysis of your credit application, and your refusal to provide them may result in BT being unable to analyze the application and/or approve the credit.
Personal data belonging to these categories of natural persons are transmitted to the Credit Risk Center within the BNR, as well as, where appropriate, in compliance with the need-to-know principle, to entities within the Banca Transilvania Financial Group and service providers used by BT within the credit application analysis process.
The retention period of the data of these persons in the BT records is equal to the period of existence of the connected client group or groups of which they are members.
When we analyze your credit application, we have the legal obligation and legitimate interest to determine your debt level and your capacity to repay the requested credit. For this, it is necessary to know the exact situation of your income. To make everything go quickly, when you apply for a BT credit card exclusively online, we want to find out your income from the ANAF records. However, we will not consult them without your express consent. We inform you that the tax-related information consulted by BT in the ANAF records can also be made available to you directly through the private virtual space managed by ANAF.
If you agree to us consulting your income in the ANAF records, we will be able to carry out the consultation for a maximum period of 5 working days from the date you express your consent. The form through which you express your consent or refusal will be kept for at least 8 years, in order to prove that we have fulfilled our obligation to inform you properly and to request your consent.
In case you wish to express your disagreement (the NO answer), you will not be able to continue the online application process, but you can apply for the desired credit card at any BT branch, where other ways to prove your income will be presented to you.
We are going to consult the records of the Ministry of Finance, the National Agency for Fiscal Administration (ANAF), regarding the personal data registered under your name indicated below* (*please note that the query consent form that will be displayed for your signature during the online application process is a standard one, used both for querying data of individuals and legal entities. However, the process you are going through is dedicated only to individuals, so we only show you in this information note the categories of data processed when querying individuals' income).
- identification data: name and surname, personal numeric code/tax identification number, ID and signature;
- the name of the form of exercising the profession/of earning income, the tax identification code of the form of exercising the profession/of earning income, the address/seat of the form of exercising the profession/of earning income;
- revenues earned from any kind of activities (salaried, authorized/independent, pensions, social insurance, rentals, etc.).
The purpose/purposes of processing these data is, as the case may be, (i) to initiate or carry out contractual relationships specific to BT's activity, (ii) to achieve BT's legitimate interests and/or (iii) to fulfill legal obligations incumbent on BT, including those related to risk management or those arising from administrative acts issued by competent authorities in the application of the law.
If you express your consent, you have the right to withdraw it at any time, within the 5-day period. In this case, once the notification is received, BT will no longer process your personal data for the purpose(s) mentioned above, except if there is another legal basis for this. However, please note that the legality of the personal data processing carried out before the withdrawal of consent will not be affected. To exercise the right to withdraw consent, you must send BT a request in written form, dated and signed, to the bank's headquarters address - with the mention "to the attention of DPO" - or to the email address dpo@btrl.ro, in which you must state that you withdraw the consent given by the agreement.
Your exercise of the other rights provided by the GDPR is also guaranteed, which you can find detailed in the BT Privacy Policy on the website www.bancatransilvania.ro/. You will have to exercise them in the ways explicitly indicated in the ANAF query agreement that you will sign during the online application process.
C. Information regarding the processing of personal data on the occasion of concluding and during the execution of a credit agreement concluded with BT
This is a specific information note concerning the processing of personal data for the purpose of concluding and executing a credit contract. The provisions of this note are supplemented by the General Information Note regarding the processing and protection of personal data belonging to BT Clients, where you will find a detailed presentation of all other purposes for which your data is processed. The General Information Note is an integral part of the BT Privacy Policy, found on Banca Transilvania's website, and can be obtained on request at any BT unit.
1. Operator's identity
Banca Transilvania S.A. processes your personal data as operator for concluding and executing the credit contract concluded with the bank and, where appropriate, the guarantee contract accessory to the credit contract.
2. The legal basis and purpose of processing
For the conclusion and execution of credit contracts and, as appropriate, the related guarantee contracts, the bank processes the categories of personal data mentioned in this section at point (4), based on its legal obligations, the conclusion and execution of the contract, and based on legitimate interest.
The bank will use any of the borrower's provided contact details to carry out the contractual relationship with the bank for the purpose of informing about the due date of each installment, as well as, if applicable, for sending notifications regarding the expiration of insurance policies, for the recovery of debts on the contracted loan, and for other events related to it.
3. The obligation to provide data and the consequences of non-compliance with it
Providing your personal data is necessary for the purpose mentioned in point (2). Refusal to process your personal data necessary to achieve the mentioned purpose will lead to the bank being unable to offer you the requested loan.
4. Categories of personal data processed
The personal data processed by the bank for the purpose mentioned in point (2) are those about which you have been informed that they are processed within the pre-offer/application analysis stage (detailed at letter B points I, II, and III of this information note) to which other such data received from you on the occasion/for the conclusion of the credit contract, together with its accessories, are added. Upon concluding the contract, an IBAN code related to the contracted credit will be allocated to you, through which the payments related to it will be carried out. Also, the credit card will contain, in addition to the holder's name and surname, the card number (PAN), as well as information related to the card's expiration date and the CVV code.
In order to send you the credit contract we will also use the email address we requested from you and have verified that you use it.
5. Data recipients
Personal data processed for the purpose mentioned in point (2) are disclosed or transferred in accordance with the applicable legal grounds, depending on the situation and only under conditions that ensure full confidentiality and data security, to the following categories of recipients - Credit Bureau S.A. and Participants in this system, insurance companies, appraisal companies, service providers used by the Bank in the credit process, debt collection companies, OCPI, the National Register of Movable Property Publicity (RNPM), authorities and public institutions, notaries public, lawyers, bailiffs, Credit Risk Center*, societies (funds) guaranteeing various types of credit products, the Bank's partners - Rotary and Flying Blue, for credit cards issued in collaboration with them.
*The bank has the legal obligation to report to the Credit Risk Center (CRC) credit risk information for each debtor who meets the condition to be reported (including identification data of a debtor, natural person or non-banking legal entity, and operations in local currency and foreign currency through which the Bank is exposed to risk towards that debtor), respectively to have recorded an individual risk towards them, as well as information about detected card frauds.
**The bank has the legitimate interest to report in the Credit Bureau System, to which the other Participants (mainly credit institutions and non-banking financial institutions) also have access, your personal data in case you register delays in loan payment of at least 30 days, after your prior notification in this regard at least 15 days before the reporting date.
6. The duration of personal data storage
Personal data processed for the purpose indicated in point (2) are stored in the bank's records for legally established limited periods (e.g. according to financial accounting legislation) or internally. Those personal data that are processed in the Credit Bureau system and disclosed to the Participants in this system are stored in the records of this institution for 4 years from the date of update. In the records of the Credit Risk Center, data reported under the legal obligation of the Bank, respectively credit risk information and information about card fraud, are maintained for a period of 7 years from the date of registration.
7. The rights of data subjects regarding the processing of personal data
As a data subject, you can exercise your rights provided by EU Regulation 679/2016 - the General Data Protection Regulation: the right of access, the right to rectification of data, the right to erasure of data, the right to restriction of data, the right to object to processing.
These rights may be exercised as follows:
- at the Bank, by sending a written request to the bank's address in Mun. Cluj-Napoca, str. Calea Dorobanților, no. 30-36, Cluj County, with the mention – "to the attention of the data protection officer (DPO)" or electronically to the e-mail address dpo@btrl.ro.
- by securely accessing the Credit Bureau website, in the case of data processed in the Credit Bureau System. You also have the right to address the National Authority for the Supervision of Personal Data Processing and the judiciary.
D. Information regarding the processing of personal data for the purpose of issuing and managing the Qualified Digital Certificate issued to the User by Alfatrust Certification S.A. for signing documentation in relation to BT
If you want to obtain a BT credit card exclusively online, it will be necessary to sign the credit documentation with a qualified electronic signature. The issuance and use of the digital certificate for signing do not involve costs for you, but it is necessary for BT and Alfatrust to jointly process, as associated operators, personal data concerning you for the issuance of this electronic signature.
1. Operators of personal data
Under art. 13-14 of EU Regulation 679/2016 - General Data Protection Regulation ("GDPR"), Alfatrust Certification S.A. ("Alfatrust") and Banca Transilvania SA ("BT") inform you regarding the processing of your personal data as a User ("data subject") carried out in their capacity as joint controllers for the purpose mentioned in point b within this notice.
2. The purpose and legal basis of processing personal data
The purpose for which the associated operators process the User's data is the issuance and management of the Qualified Digital Certificate ("Certificate").
BT is the operator that identifies the User, respectively collects from them the personal data necessary for issuing the Qualified Digital Certificate, and transmits it to Alfatrust so that this operator can issue the certificate.
The data that BT collects from Users are those processed by BT in its own records, in the context of the business relationship that is already established between the User and BT at the time of transmitting the data to Alfatrust.
During the validity period of the certificate, personal data is processed by the associated operators, as appropriate, as well as in situations where Users request the suspension or revocation of the certificate in the ways detailed in the Terms and conditions of service provision.
The legal grounds for processing personal data for the defined purpose are the legal obligation (art. 6 para. 1 lit. c GDPR), the conclusion/performance of the contract (art. 6 para. 1 lit. b GDPR), and the legitimate interest of the associated operators (art. 6 para. 1 lit. f GDPR).
Regarding the legal obligation, both BT - as a credit institution with which the User has established a business relationship, and Alfatrust - as an accredited certification service provider from whom the User wishes to obtain a certificate, are subject to the applicable legal provisions in the field of money laundering and terrorism financing prevention according to which they must collect from customers a series of personal data. These data are also necessary for the conclusion/performance of the contract under which the User is allowed to use the certificate for signing documentation in relation to BT.
To support users who wish to submit a request to suspend or withdraw the certificate, the associated operators justify a legitimate interest in offering them (who also have the status of BT clients) the possibility to send these requests not only directly to Alfatrust but also through BT. The resolution of these requests involves the exchange of personal data of the Users between the two associated operators.
Contact data - phone number, and home address will be processed by any of the associated operators, whenever it is necessary to contact the end user for the proper conduct of the contractual relationship related to the qualified digital certificate.
3. Categories of personal data and persons whose personal data are processed
Personal data processed in order to fulfill the mentioned purpose are those stipulated by law as mandatory to be collected by a credit institution, respectively by a certification service provider for the prevention of money laundering and the sanctioning of terrorism, namely: name, first name, personal identification number (CNP), home/residence address, identity document validity date, and phone number, a copy of the identity document. All this data, as provided by the user to BT, will be transmitted to Alfatrust for the issuance and management of the Qualified Digital Certificate.
Processing of this personal data is necessary for the generation of the Qualified Digital Certificate. The User's refusal to have this data processed leads to the impossibility of issuing the Qualified Digital Certificate.
The data subjects of this processing are only the Users, as defined in the Terms and Conditions of Use.
4. Recipients of personal data
Except for the associated operators between whom there will be an exchange of personal data processed for the fulfillment of the processing purpose, the data is disclosed, as the case may be, to IT service providers, audit providers, authorities, and institutions entitled to know them.
5. Period of processing of personal data
Information regarding a Qualified Digital Certificate (including personal data) is processed by Alfatrust for a period of 10 years from the date of its validity termination, in accordance with legally established deadlines.
At the BT level, remote electronic signature, applied based on the Qualified Digital Certificate issued by Alfatrust on the documentation signed in relation to BT, is kept for the entire period during which a business relationship between the User and BT is ongoing, plus the terms established in the applicable legislation.
6. Rights of the data subjects whose personal data are processed
To any User, in their capacity as a data subject, the exercise of the following rights regarding the processing of their personal data is guaranteed, with any of the associated operators: the right of access, the right to rectification, the right to restriction of processing, the right to erasure of data, the right to object to data processing, the right to data portability.
Users can exercise these rights or contact the data protection officers for any questions/requests regarding the processing of their personal data, as follows:
- at Banca Transilvania S.A. - through a message sent to the e-mail address dpo@btrl.ro or by a request sent to the bank's address in Cluj-Napoca City, Calea Dorobanților Street no. 30-36, Cluj County, with the mention "to the attention of the data protection officer (DPO)"
- to Alfatrust Certification S.A. - by a message sent to the e-mail address suport@alfasign.ro or by a request sent to Alfatrust headquarters, with the mention "for the attention of the data protection officer (DPO)"
Users also have the right to file a complaint with the supervisory authority - the National Authority for the Supervision of Personal Data Processing (ANSPDCP), with headquarters in Bucharest, sector 1, Bd. Gen. Gh. Magheru no. 28-30.

