General data protection policy

Information note / consent statement regarding the processing of personal data for the purpose of contracting exclusively online some products / services

In order to open a business relationship or to contract certain services (e.g. internet / mobile banking) exclusively online, LIBRA INTERNET BANK S.A. is obliged to process personal data that belong to you, in order to verify your identity.

During the process, information will be requested / confirmed, which we are obliged by law to collect in order to get to know the client, to prevent money laundering and financing terrorism.

In the online environment we have chosen a method that allows us to certify the identity of people and to prevent possible attempts at fraud. This method uses technologies that guarantee the security of biometric data processing. However, we shall not use this data without your consent, expressed by continuing the account opening process.

During the process, information will be requested / confirmed, which we are obliged by law to collect in order to get to know the client in order to prevent money laundering and terrorist financing. This process involves processing the following information:
- Uploading a copy of your ID ("ID / passport")
- a "selfie" video in our platform

A facial identification tool will detect your face in the CI picture and in the selfie taken.

If you do not want your data to be processed as we have informed above, you will not be able to contract exclusively online offered LIBRA INTERNET BANK S.A. services / products. The account can be opened in any of the bank's branches.

General policy on personal data protection

Setari cookies

In accordance with Regulation (EU) no. 679 of April 27, 2016, the protection of individuals with regard to the processing of personal data and the free movement of such data (hereinafter referred to as "GDPR"), applicable starting with May 25, 2018, LIBRA INTERNET BANK SA, as " Operator ”, processes your personal data in good faith and in achieving the purposes specified in this policy.

You have provided the personal data belonging to you, as the person targeted by their processing, to LIBRA Internet BANK SA on the date of concluding the General Framework Agreement on banking services with it or on the date of formulating an application requesting the provision of services by the Bank.

1. The personal data that LIBRA INTERNET BANK SA may process are the following:
name and surname, pseudonym, sex, date and place of birth, citizenship, signature, data from civil status documents, telephone / fax, address (domicile / residence), e-mail address, profession, place of work, vocational training ( graduation diplomas, studies), income, source of income, economic and financial situation, data on assets held, banking data, public office held, political exposure, photo or video recording of facial image, personal numerical code, serial number and identity card , data on the committing of crimes, IP address. They differ, depending on the products and services offered, as well as the purposes of processing.

2. The purposes of the processing of personal data may include:

  • a) performing the analysis of customer knowledge, respectively of reporting suspicious transactions, based on art. 6 paragraph 1), letter c) of the GDPR, respectively for fulfilling a legal obligation, corroborated with the legislation on knowing the clientele in order to prevent money laundering and terrorist financing (NBR Regulation no. 2/2019 on knowing the clientele in order to prevent money laundering and financing terrorism and Law No. 129/2019 for the prevention and sanctioning of money laundering, as well as for the establishment of measures to prevent and combat the financing of acts of terrorism);
  • b) credit risk analysis, according to art 6 paragraph 1), letter c) of the GDPR, respectively Regulation no. 5/2013 on prudential requirements for credit institutions and Government Emergency Ordinance no. 99/2006 on credit institutions and capital adequacy;
  • c) concluding and executing financial-banking services contracts concluded with you, according to art 6 paragraph 1, letter b) of the GDPR;
  • d) making credit reports or other information to state institutions according to art 6 paragraph 1), letter c) of the GDPR and the applicable special legislation;
  • e) debt collection / recovery of debts you owe to LIBRA Internet BANK SA, according to the concluded contracts and the legitimate interest of LIBRA Internet BANK SA to recover the receivables related to the existing contractual relationship with you, according to art 6 paragraph 1), letter b) and f ) from the GDPR;
  • f) for purposes of financial-banking analysis, such as risk analysis, liquidity analysis, analysis of guarantees, etc., according to art 6 paragraph 1), letter c) and letter f) of the GDPR;
  • g) for statistical purposes, in accordance with art 6 paragraph 1), letter f) and art 89 of the GDPR;
  • h) for granting certain benefits such as travel insurance, preferential interest for certain categories of customers etc.;

3. Duration of personal data processing
The processing (including storage) of personal data is performed during the validity of the contracts concluded with Libra Internet Bank SA, and subsequently, according to the provisions of Law no. 129/2019 for the prevention and sanctioning of money laundering, as well as for the establishment of measures to prevent and combat the financing of terrorism as well as to the NBR Regulation no. 2/2019 on knowing the clientèle in order to prevent money laundering and terrorist financing.
The processing of data (including storage) in case a contractual relationship with you has not been concluded, will be carried out for the period provided by Law no. 129/2019 for the prevention and sanctioning of money laundering, as well as for the establishment of measures to prevent and combat the financing of terrorism, as well as in order to prevent cases of fraud to which the Bank may be exposed.

4. The need to process personal data
In case you refuse to communicate the data mentioned for the purposes stipulated in letters a) - f) above, you will not be able to initiate legal relations with LIBRA INTERNET BANK SA, as it will be unable to comply with the requirements of special regulations in the financial field. -banking regarding the knowledge of the clientele, the prudential requirements and other legal provisions, including to analyze the request regarding the provision of some services by LIBRA INTERNET BANK SA, to conclude, carry out and execute the contract requested by you.

5. Empowered Persons and Recipients of Data
Personal data may be transmitted to: the data subject, the data subject's employer, the data subject's representatives, the Credit Risk Center, the Credit Bureau, the debt collection / debt collection agencies, the Electronic Archive of Real Movable Guarantees, the contractual partners (lawyers , notaries, consultants, accountants, auditors and auditors and other partners bound by the obligation of confidentiality regarding the data transmitted), contractual partners involved in the execution of the contract or who ensure the provision of products and services related to banking (e.g. banking services). courier, security, protection and monitoring, press research, insurance, payment processing, card printing etc.), insurance companies, corresponding banking institutions, courts and criminal prosecution bodies, Internal Guarantee Funds (e.g. FGDB, FNGCIMM etc.) and international (e.g. European Investment Fund). Also, personal data may be disclosed to state authorities according to their competencies and applicable legislation, such as the National Bank of Romania, ANAF, the National Office for Prevention and Combating Money Laundering, etc.
The data transmitted to third parties will be adequate, relevant and not excessive in relation to the purpose for which they were collected and which allows the transmission to a certain third party.

6. International transfer
The data provided may be transferred to entities in the European Union / European Economic Area, in case of external payment operations and financing from European funds. The data will be transferred to SWIFT (Society for Worldwide Interbank Financial Telecommunication), as an operator, if you request external payment operations that include processing through the SWIFT system.
There is a possibility that the data transferred to SWIFT, as an operator, may be accessible to the US Treasury Department. We mention that, in case of using applications offered by Google or Microsoft, although the infrastructure as such is in the European Union, it can be accessed by the parent organizations in the country of origin. In all such situations, LIBRA INTERNET BANK SA will take the necessary measures to ensure that your data is protected, such as standard contractual clauses issued by European bodies or relevant certifications in the field and recognized within the European Union.

7. Communication with clients and other individuals
During the business relationship, in the documents prior to its establishment, as well as after the termination, it is possible that various information regarding your relationship with LIBRA INTERNET BANK SA. These communications involve the processing of your personal data (for example, e-mail address or telephone number). LIBRA INTERNET BANK SA will ensure that it will not process personal data without having a legal basis, as provided in art. 6 para. 1 of the GDPR.
The communications you will receive may be based on one of the following legal grounds:

  • fulfillment of a legal obligation (for example when national or European regulations require us to provide you with various information). These communications will never be of a commercial nature and will not contain an "unsubscribe" link. In this regard, the information will be transmitted independently of the options chosen for commercial communications.
  • execution of a contract to which the data subject is a party or to make arrangements at the request of the data subject before concluding a contract (so that you can enjoy the rights provided in the contract, but also to comply with the exchange information between you and the Bank).
  • for the purpose of the legitimate interests pursued by the operator (for example, debt collection / recovery of debts you owe to LIBRA INTERNET BANK SA)
  • your express, specific and freely expressed consent (for example, in the case of commercial communications)

8. The rights of the data subject
As a data subject, you have the following rights regarding your personal data, provided by GDPR: the right to information and access, the right to restrict and rectify data, the right to data portability, the right to delete data, the right not to the object of a decision based exclusively on automatic processing, including the creation of profiles, which could produce legal effects on you, the right to address the National Authority for Supervision of Personal Data Processing and justice, the right to oppose at any time data processing, in the situations provided by law. To exercise these rights, you can address a written request, sent to LIBRA INTERNET BANK SA via the internet banking / mobile banking service, at the e-mail address protectiadatelor...librabank.ro (mentioning the full name), in any of the bank's branches or at the postal address: Calea Vitan, Nr. 6 – 6A, Cladirea Phoenix Tower, sector 3, Bucuresti.
The personal data operator guarantees the fact that it processes your data in conditions of legitimacy, implementing at the same time adequate technical and organizational measures to ensure the integrity and confidentiality of the data according to articles 25 and 32 of the GDPR.
In the situation where the data processing operation is based on art. 6 paragraph 1), letter a) of the GDPR, respectively your express, specific and freely expressed consent, the Bank will inform you through a separate document, according to art. 13 of the GDPR, and you will express your option in that document.