At OTP banka d.d. (hereinafter referred to as the "Data Controller" or "OTP banka"), we are aware of the importance of the protection of personal data. As the controller of your personal data, we are committed to protecting your personal data and respecting your privacy.
The mBank@Net Privacy Statement (the "Privacy Statement") describes what personal information we collect in connection with your use of the mBank@Net application (the "Service"), why we collect it, how we collect it and with whom we may share it. The Privacy Statement also sets out how you can contact us if you have questions or concerns about data privacy.
By accepting the General Terms and Conditions for Consumers, of which this Privacy Statement forms an integral part, you consent to the collection and use or processing of your personal data in accordance with this Privacy Statement.
1. What is the legal basis for processing personal data?
The processing of personal data is necessary for the performance of the contract to which you are a party and to which the personal data relate. The data controller is contractually obliged to provide the services defined in the General Terms and Conditions for Consumers.
2. What data do we collect and process with mBank@Net?
Information when opening a personal account
If the user opens a personal account via the mBank@Net application, the bank processes the following data:
- first and last name;
- address of permanent residence;
- date of birth;
- Nationality;
- the number, type and name of the issuer of the official identity document;
- the date of issue of the official identity document;
- the date of validity of the official identity document;
- the purpose of identification;
- the date and time of the identification;
- screenshots of the user and his/her official ID;
- an audio and video recording of the entire process.
The Bank processes the above-mentioned data on the basis of the Act on Prevention of Money Laundering and Terrorist Financing.
Data in anonymized form
The following are the data collected by the mBank@Net application for the purposes of statistical analysis, updating the mobile application, testing and verifying the suitability of mobile devices, adapting the functionality to the needs of users, optimizing the performance of the mobile application, improving security and user experience, and tailoring the content to the interests of users. Data is collected using the Firebase analytics tool and is in an anonymized format:
- Device details (make, model, serial number, operating system version),
- Information about the mobile application and the user's activity within the application (the version of the mobile application, how long you have been using the mobile application, which functionalities of the mobile application you use, and how you access which windows and/or functionalities and for how long, etc.).
Information about the use of permissions on your device
In order to work properly, the mobile app needs access to the data and components of your device, as described below.
Android device licenses:
- Getting information about Wi-Fi connections (ACCESS_WIFI_STATE), which is used to identify malware;
- Getting information about the correct boot of an application (RECEIVE_BOOT_COMPLETED), which is used to identify malware;
- Getting information about applications already installed (QUERY_ALL_PACKAGES), which is used to identify malware;
- INTERNET, which provides the application with access to the internet;
- ACCESS_NETWORK_STATE, which checks if the device is connected to the Internet;
- Use of a fingerprint reader (USE_FINGERPRINT) used for biometric enrolment;
- Change of volume (MODIFY_AUDIO_SETTINGS) required by user identification via video call;
- Timer (SCHEDULE_EXACT_ALARM), creates a timer that can be used to execute an action and is used to display the session progress dialog.
Android device permissions (which the user can accept or reject):
- Contacts (READ_CONTACTS), which allows you to read contacts for Flik instant payment;
- Direct dialing of a mobile number (CALL_PHONE);
- A camera (CAMERA) used to scan a QR code and identify the user via a video call;
- Location (approximate ACCESS_COARSE_LOCATION and exact ACCESS_FINE_LOCATION), to show the distance to branches and ATMs;
- The microphone (RECORD_AUDIO) is used in the same set as the Camera;
- Notifications (POST_NOTIFICATIONS).
iOS device licences:
- A camera that can scan a QR code and scan ID documents and your face when opening a bank account or updating an ID document,
- Contacts to obtain mobile numbers to make an instant payment via the Flik service,
- FaceID, for unlocking mobile apps with biometrics,
- Location, to show the distance to branches and ATMs,
- The microphone is used in the same assembly as the Camera,
- Gallery, to access QR codes or PDF files to upload and/or save a receipt.
ATTENTION: You can restrict access to your personal data in the mBank@Net mobile app at any time in the settings of your mobile device! However, you should be aware that if you restrict access, some functions will be disabled, which may cause the mobile app to malfunction.
3. What we use the collected data for
4. Who we share data with
The Mobile App does not communicate or disclose information to third parties, except for information necessary for registration, digitization, payment and processing of transaction data as described in this Privacy Statement.
5. Push notifications and opt-out options
From time to time, we may send you push notifications about important app updates, marketing notifications or other information.
6. Security
At OTP banka, we place emphasis on the security of your personal data. We have taken physical, technical, electronic, organizational and procedural safeguards to prevent unauthorized access to or disclosure of your personal data in accordance with applicable law. We only allow access to your personal data to persons who are authorized to process such data and who need to know it in order to provide you with the service. These persons are bound by confidentiality obligations.
7. Where you can get more information on personal data protection
If you have any questions relating to the protection or processing of your personal data, you can contact the Data Protection Officer, who can be contacted at "dpo@nkbm.si". In order to implement the principle of fair and transparent processing, OTP banka, as the controller of your personal data, has also prepared General Information on Personal Data Protection, which enables you to obtain all relevant information relating to your personal data in one place.
8. Changes to this Privacy Statement
We reserve the right to change this Privacy Statement at any time in accordance with this Article. If we do, we will post the revised Privacy Statement on our website and mobile app.