Update your personal data from home in just a few minutes.

Search form

Processing of personal data

B.R.D. - Groupe Société Générale S.A., headquartered in Bucharest, Blvd. Ion Mihalache, No. 1-7, Sector 1, registered with the Trade Register under number J/40/608/19.02.1991, Tax Identification Number 361579, registered with the Banks Register under number RB-PJR-40-007/1999 (hereinafter called „The Bank” or „Us/ We”), acting as data controller, we would like to inform you about the way We process the personal data in the context of the activity carried out by BRD, as well as about the rights that you have as a data subject, starting with 25th of May 2018 (GDPR effective date).

The Bank processes the following categories of personal data:

  • identification data, such as name, surname, CNP, ID card serial and number/other document which can serve as identification (e.g. passport, residence certificate), as well as other information these documents may contain (e.g. date and place of birth, citizenship), signature.
  • marital status, such as data from the marriage certificate.
  • contact data, such as: home address, mailing address, e-mail, phone number.
  • data necessary for the evaluation of your eligibility, such as:

- information regarding your professional qualifications, such as information regarding your occupation, employer’s name, position, etc.

- know your customer” information, such as your public function, political exposure, special relations with the BRD Groupe, etc.

- information regarding your financial-economical status, such as income, solvability, credit history.

- transactional information (such as transactional history, deposits, savings accounts, etc.).

- information regarding fraudulent activities or, where applicable, potentially fraudulent, such as accusations and convictions for (attempted) fraud, misdemeanors or criminal offences (for money laundering and/or financing terrorist acts).

-  data regarding the guarantees (information regading the initial owners of the property brought as collateral).

-any other data,  necessary or useful for the Bank’s activity, as per the law.


Note: In case of clients represented by agents/ other forms of representation, the Bank will process the personal data of the person who represents the client (such as name and surname, date and place of birth, personal identification number or a similar identifier, home address and its legal regime – such as domicile, residency, citizenship), including other personal data mentioned in the document certifying the power of representation.

We process the personal data that you provide Us, directly or indirectly (e.g. through empowered or other persons representing you in your relationship with the Bank, such as, persons who are entrusted with the exercise of parental/ tutorial authority), or that data that We generate or deduct as a result of the interaction with you through any of the channels of communication with the Bank.  

We can also obtain and process your personal data including from external sources, such as:

- public institutions and authorities (e.g. ANAF, FNGCIMM, NBR – Central Credit Register or Payment Incidents Register (CIP), National Integrity Agency). For example, We can interrogate the authorities/ public institutions databases to obtain certain information, such as: your tax situation; the Declaration of Wealth, in the case of publicly exposed persons; the status of  enforcement proceedings you are subject to; your employee status; information on the status of the claim file by the FNGCIMM; your identification data in the Central Credit Register, including information on the type of loan contracted, the degree of indebtedness and the affiliation to a group of debtors.

- registries and electronic databases (e.g. portals of Courts, the Credit Bureau, entities empowered to manage databases with designated persons, subject to international money-laundering sanctions and politically exposed persons, etc.). For example, but not limited to, when entering into relationship with the Bank, We interrogate (i) the Court’s portals to verify if you are involved in criminal litigations likely to reveal a certain fraudulent conduct, (ii) the Credit Bureau, to check the Bank’s exposure by reference to your payment behaviour or other incidents in relation with other banks,in case you request a credit product from our Bank, (iii) if you are included in databases with designated individuals, subject to international sanctions of funds freezing. 

- entities involved in payment operations (e.g. international cards organizations, such as Visa and Mastercard, economic operators accepting cards payments, banks and other payment institutions involved in payment schemes, the Central Depository). For example, when you make card transactions, we can receive some data necessary to make the payments (e.g. the card’s data, transaction amounts) from merchants who accepted the payment with the card.

Also, in other types of operations (e.g. credit card payment, direct debit, debit instruments such as cheque, promissory note), We can receive your data from a bank/ third-party institution where the transaction was initiated, through schemes/ payment systems and interbank communications (such as SEPA, Regis, SENT or SWIFT).

- commercial partners, particularly service providers for the Bank. For example, We may find out your new contact information (e.g. address, phone number) from agencies providing debt recovery services for Us, data that they obtain from their own sources.

-  online platforms (social media and internet) publicly available.

- BRD Group entities (such as data on customers who had contracts with BRD Finance IFN S.A).

- your employers, for example if We enter into a payroll agreement with your employer.

- other companies for which the Bank provides payment services (securities issuers, insurance companies, etc.).

- Central Depository, as a registry company for the Bank’s shares.


For example, in certain situations, We may obtain your personal data from Bank’s customers/ Bank’s customers representatives (e.g. if you are a member of the customer’s family), board members of the Bank (if you are an affliliated person), if such data are necessary in the context of legal relations with the Bank’s customer. 


The refusal to provide the Bank with your personal data may, in some cases, result in the impossibility of entering into relationship with the Bank or of contracting the desired product, service.


We process personal data for:

  1.  Checking your eligibility for entering into relationship with Us and contracting the banking product/ service, as well as for
  2.  Preparing the required documentation for contracting the product/ service.

We check your situation to ensure that you meet the prudential requirements, under the applicable law and internal policies of the Bank (including the risk policies). For example: We apply know your customer procedures, for which we process data such as: your name, surname, date and place of birth, ID type and country of issuance, personal identification number, ID series and number, home/ residence address, fiscal residence, telephone number, fax number, e-mail address, citizenship, multiple citizenship if applicable, source of funds, activity area, occupation and workplace, purpose and nature of the relationship with the bank, declared income range, publicly exposed person/ member of the family of a publicly exposed person or a close associate of a publicly exposed person, public function, etc.; We verify that you meet the requirements concerning the fraud prevention and combating money laundering and terrorist financing; We evaluate your situation as well as, if applicable, of other persons (e.g. co-debtors, guarantors) to analyze the Bank’s exposure to the risk involved by contracting the required banking product/ service.

For certain products (such as loan products), We also use automated processing (including scoring) to assess your eligibility for contracting the product (for details, please see Section „Automated Individual Decisions” below).

Legal basis of the processing:

Entry into the contractual relationship, including the processing carried out at your request for the conclusion and performance of the contract.

BRD’s legitimate interest to check its customers eligibility in terms of internal policies and standards imposed at BRD Group/ Société Générale Group level. 

Compliance with legal obligations.

Note: In case of clients represented by agents/ other forms of representation, the Bank will process, in order to identify the agent / other representative, his / hers identification data, as mentioned in section I above, as well as other personal data, if needed, in order to assess the power of representation.



We process personal data to enter into and to perform the contract with you. For fraud prevention and figthing purposes and/ or for preserving banking secrecy: We verify the authenticity of identity documents as well as, where applicable, of other documents that you submit to us; We monitor the way the contract is performed and the associated risks; We apply procedures for conflict of interest management. 

We may contact you or, where applicable, other persons (e.g. co-debtors, guarantors, agents, legal representatives) through various channels (e.g. phone, e-mail, SMS, at home), to communicate you/ them various aspects concerning the contract or the contracted banking product/ service.

For example, if difficulties arise in contract performance, We may contact you to identify together the optimal solutions to continue the contractual relationship with you in the best possible conditions.

We may also send you notifications regarding payment maturities or concerning changes in the features of the contracted banking product/ service. 

Processing basis:

Entry into the contractual relationship and performance of the contract.

Compliance with legal obligations.

BRD’s legitimate interest to ensure the contracts performance in an optimal and efficient manner. 



We use personal data to optimally organize and streamline the Bank’s activity. In this regard, We may use personal data, among others:

  • to organize some internal databases, to support the activity carried out by structures and departments within the Bank.   
  • to improve and optimize BRD’s network activity, as well as our processes, products and sevices.
  • to efficiently organize, perform and/ or manage debt collection and debt recovery.
  • to prevent and investigate possible fraud/ fraud suspicions in banking operations.
  • to perform various financial analyses, in an aggregated format, regarding the performance of BRD’s network and its staff (including the Bank’s sales force).
  • to prepare various reports, in an aggregated format, on (a) BRD’s activity and performance in fiancial and banking markets, and (b) its exposure to other financial institutions.
  • to support Our position in various investigations, administrative and judicial procedures, litigations, etc. in which the Banks is involved.
  • in the context of various analyses, internal audit procedures and/ or investigations carried out by the Bank, on its own initiative or following the receipt of a complaint from a third party (including public authorities).  
  • managing controls/ investigations triggered by public authorities.

Processing basis:

BRD’s legitimate interest to streamline and optimize its activity.



We process you personal data to solve your requests or of other persons, as well as for providing you/ them with additional information about our products and services.

For example, We may contact you by phone to respond to your requests or We may process certain data from the documents you provide Us in order to solve your requests or complaints (such as a request to update your data or to block the card).

We audio record the conversations with you in order to improve the quality of our services as well as to prove (a) your requests/ claims concerning a particular banking product/ service as well as, eventually, our response, respectively (b) your agreement/ option/ preferences for a particular product or service of ours.  If you  do not want to record the conversations above mentioned, you can contact Us on other available channels, such as by e-mail or by writing to Us to our dedicated contact address. In this latter case, the effective settlement of your request/ complaint will not be affected in any way, but the settlement may be longer.

Processing basis:

Entering into and performance of the contract, including for processing made upon your request for entering into  the contract.

Compliance with specific legal obligations.

BRD’s legitimate interests (i) to comply with a legal obligation and to avoid any negative consequences, and (ii) to carry out its activity in accordance with internal standards and with the standards established at the Group level. 

The data subject’s consent - you can withdraw your consent at any time - for details, please see Section „ What Are The Rights That You Benefit From”, point 4 below.



We want to keep you updated with the latest news about the products and services of the Bank and/ or of other companies within Société Générale Group (insurance companies, pension funds, leasing entities, investment funds etc...) and / or of our partners (such as insurance companies outside Société Générale Group), to invite you to participate in contests or advertising lotteries that We organize on our own or with our partners (co-organizers). Before contacting you, We may rely on our internal analyses and studies (for details, please see Section H below). 

In line with the aforesaid, We can also send you commercial communications, including direct marketing messages (selling of products and services) regarding the aforesaid partners products/ services.



We are interested in your opinion about our products and services, about Us or other companies within the Group in general or about a particular subject relevant to our activity. We can periodically contact you to receive your feedback and suggestions on how to improve our products and services or how we can better meet your needs and expectations. You are not obliged to respond and if you do not respond, it will not affect in any way your relationship with Us. 

We also carry out market studies; to this end, We can work with market research agencies, which will either conduct market studies for Us, or provide us with market research results and other information related to the subject of such studies. Usually, we receive information regarding the market studies from our partners in an anonymised format (aggregated data).

If the processed informaion will (also) contain personal data, We will inform you accordingly.

We will only send you these communications if We have obtained your consent.

Moreover, if you do not exercise your right to object, We may use your physical address to transmit you by courier or by post commercial communications (leaflets, catalogs, etc) with news about our products and services, invitations to participate in contests or advertising lotteries that We organize on our own or with our partners.

Processing basis:

BRD’s legitimate interest.

Your consent - you can withdraw your consent at any time - for details, please see Section "What are the rights that you benefit from?" 4) below.



We want to offer you the most relevant products and services according to your profile and area of interest. Therefore, based on your agreement, We may analyze your data and information from the following sources:

  • Our internal database, such as information from loan records/ other similar documents that We hold as a result of your previous loan requests/ other products and/ or banking services. For example, we are interested to gather information relevant to assessing your particular situation, such as age, occupation, income (including as a result of a credit application previously submitted by you), the politically exposed person quality, your quality in the shareholding structure of a legal entity, the products and services held and their degree of use on different channels (e.g. Internet or mobile banking), the analysis of the typology of the transactions you made within a certain time/per product (e.g. cards)/ per type of traders and the value of the aforesaid transactions, your previous loan application score; and/ or
  • External sources, such as BRD Group entities or our partners, the Trade Registry, Credit Bureau, ANAF.

 Offer personalization will not exclude your access to our products and services.

We analyse and combine the data and information mentioned above to provide you the products and services that best fit your needs and particularities.
We may also use the aforesaid information to avoid sending you offers for products and services that, for various reasons (including our risk policy), are not of interest to you or you would not be able to access them,  due to your particular situation. The algorithms we apply for offer personalisation are based on information such as: seniority in relation with the bank, age, occupation, income (including as a result of a credit application previously submitted by you), your previous credit application score, the politically exposed person quality, your quality as shareholder/ associate in a legal entity, the equipment rate with products and services (numerical and value) and their degree of use on different channels (Internet and/ or mobile banking), the analysis of typology and the value of your transactions within a certain time interval/ per product type or by traders. All this information is analysed for determining a statistical model, having as result a tailored product and services offer for you. This offer takes into account your transactional profile and behaviour (as evidenced by the aforementioned information) and will include personalised products and services based on your needs. The algorithms used may vary over time, so for more information about the logic used in creating offers/ products, you can contact us at the data mentioned in the "CONTACT" section.

Sometimes, in the process of offers/ products personalization, we use automated individual decisions.
We can assure you of the adequate guarantees for the automated decisions we make.
You have the right to: (i) express your point of view on that automated decision; (ii) To request a reassessment of the decision, on the basis of a human intervention; (iii) to contest the automated decision.

We will be able to use customized individual decisions to send you personalized offers if We have obtained your explicit consent in this respect.

Processing basis:

Your consent - you can withdraw your consent at any time - for details, please see Section "What are the rights that you benefit from?" 4) below.



We are preoccupied with the constant improvement of our products and services. Based on our legitimate interest, We use the data that we collect from you or other data that we generate/ deduct from the data received from you (such as: age, based on your CNP) for various statistics, analyses and internal studies.

Most internal analyses and internal studies are in anonymous format (aggregated data), providing Us with useful information for improving our products and services. Sometimes, We analyze your data to determine your specific customer profile, to better meet your needs and expectations.
We use information such as age, occupation, income, the politically exposed person quality, your quality as shareholder/ associate in a legal entity to include you into a specific generic profile, established in accordance with the internal rules for the classification of customer portfolio. In addition, there is a possibility to move customers from one profile to another, as a result of the analysis and other information such as seniority in relation with the bank, income obtained from a credit application previously submitted by you, the equipment rate with products and services (numerical and value) and their degree of use on different channels (Internet or mobile banking, ), the analysis of typology and the value of your transactions within a certain time interval/ per product type (e.g. cards) or by traders, or the score of your previous credit application.
In the same time, We have a legitimate interest in analyzing your data so as not to disturb you with information that does not fit your profile. For example, We can exclude you from a particular campaign if you exceed the age that We target for a specific product (such as cards dedicated to students).

Processing basis:

BRD’s legitimate interest.

Your consent - you can withdraw your consent at any time - for details, please see Section "What are the rights that you benefit from?" 4) below.



We process personal data also for complying with the legal obligations applicable to credit institutions. For example, based on our legal obligations, We submit various reports to relevant institutions and public authorities, such as: (i) FATCA reporting to ANAF, (ii) reporting suspicious transactions to the National Office for the Prevention and Control of Money Laundering (ONPCSB), (iii) reporting payment incidents to the Payment Incidents Register (CIP) within the National Bank of Romania, (iv) notifying ANAF within the Ministry of Economy and Finance, or as the case may be, notifying other competent authorities when identifying persons or designated entities, (v) Reporting of persons to “Oficiul pentru Implementarea Sanctiunilor Internationale” (MAE) , in case of identifying sanctioned persons or entities We also monitor our Customers’ transactions to identify unusual/ suspicious money laundering or terrorist financing transactions, and to prevent fraud. For additional information concerning the reporting made under our legal obligations, you can request this information.

 In order to comply with the legal provisions in force, We process personal data through security systems (closed circuit television and visitor’s management/ access control) or access record registers, the data being kept for intervals regulated by the law. The data collected under the legislation on the protection of persons, goods and values may be made availabe exclusively to the authorities, at their request, respecting the conditions provided by the law.

In addition to the legal obligations, We are also committed to complying with a number of internal requirements/ established at the Société Générale Group’s level on reporting and internal/ external audit that may, in some cases, involve/ have as a source the processing of personal data.

Processing basis:

Compliance with specific legal obligations.

BRD’s legitimate interest and of Société Générale Group to carry out its activity according to internal standars and those established at the Group level.



Processing basis: Compliance with specific legal obligations.

Sometimes, in our processes, We use automated individual decision-making, including profiling, which under certain circumstances,  may have legal effects on you or, as the case may be, may significantly affect you. In this case, the automated decisions will always be based on one of the legal basis provided by Article 22 GDPR, namely (i) entering into or performance of a contract; (ii) authorization provided by law; or (iii) the data subject’s explicit consent. 

Thus, We make automated individual decisions by virtue of a legal authorization. For example, the law requires Us to implement appropriate know your customer measures for the purpose of preventing and combating money laundering and terrorist financing.

To this end, We check whether you are included in the databases of persons accused of terrorist financing or, as the case may be, in the databases of people with high risk of fraud and, if We will find you in these databases, We will refuse to enter into a business relationship with you. 

For certain banking products, We use automated individual decision-making based on scoring to conclude the contract for the product you requested. For example, We use the loan scoring to assess your eligibility for contracting the requested loan. The algorithms that We use for the loan scoring consider different criteria, in line with our risk policy, such as your financial condition, your creditworthiness, exposure, payment behaviour, employer status, debt history, etc.

The criteria and the algorithms that We consider relevant may vary over time.

We use automated individual decision-making also for ensuring the security of the Bank’s products and services, as well as to protect you as much as possible against the risk of fraud, thereby ensuring the proper execution of the contract concluded with you.

For example, We monitor your online or / and card payments, and if We identify suspicious transactions (such as unusual repetitive payments like frequency, value, etc., or other transactions with illogical sequences - such as payments in different locations (cities) at short intervals, which did not allow the holder to move to those locations in accordance with the current technique), We adopt  measures on automated basis (such as blocking the suspicious transaction, blocking the card, blocking the account, etc.).

Also, if We have obtained your express consent  in this regard, We may use automated individual decisions to transmit you (We or companied within BRD Group, depending on your option) personalized commercial communications (for details, please see Section F above).

You will have appropriate guarantees for the automated decisions We take. In particular, you will have the right:  (i) to express your point of view on that particular automated decision; (ii) to request a reassessment of the decision, based on human intervention; respectively (iii) to contest the automated decision.

We may disclose personal data to:

  1. Our main service providers, such as:
  • interbank payment processing and payment information transmission services through schemes/ payment systems and interbank communications (e.g. SWIFT - Society for Worldwide Interbank Financial Telecommunication, STFD Transfond S.A. and NBR for ReGIS and SENT national payment systems);
  • services provided by international cards organizations (e.g. MasterCard, Visa etc);
  • services provided by payment service providers;
  • services provided by transaction reporting providers to competent authorities or other regulated entities (e.g. Deutsche Boerse, DTCC);
  • cards issuance and personalization services;
  • debt recovery and/ or debt collection services;
  • goods and other assets valuation services;
  • services of capital investment agents/ brokers.
  1. Marketing services providers, such as:
  • Marketing agencies;
  • Market research and surveys agencies;
  • Marketing communication agencies (e.g. e-mailing commercial offers);
  • Parteners specialised in organizing lotteries and contests.
  1. Our support-services and/ or auxiliaries providers, such as:
  • electronic communication services (e.g. e-mailing, SMS etc.);
  • real estate agencies;
  • bailiffs;
  •  IT services (e.g. maintenance, support, development);
  • audit services;
  • physical and/ or electronic archiving services;
  • courier services;
  • legal, notarial or other consulting services;
  • staff training services. 
  1. Public institutions and authorities in Romania and abroad, such as:
  • National Bank of Romania (NBR);
  • Financial Supervisory Authority (ASF);
  • The National Supervisory Authority for Personal Data Processing (ANSDPCP);
  • National Office for Preventing and Combating Money Laundering (ONPCSB);
  • Oficiul pentru Implementarea Sanctiunilor Internationale (MAE)
  • National Agency for Fiscal Administration (ANAF);
  • Competition Council;
  • National Archives;
  • Courts and other judicial bodies (such as police offices, prosecutor’s offices, The National Anticorruption Directorate - DNA etc.);
  • The Bank Deposit Guarantee Fund, The National Credit Guarantee Fund for Small and Medium Enterprises (FNGCIMM);
  • Deutsche Boerse Approved Reporting Mechanism (ARM).
  1. Certain customers of the Bank with whom you have contractual or legal relationships related to the banking products We provide, such as:
  • Utility services providers (water, electricity, telephony, internet, etc.), for direct debit conventions;
  • Companies with whom you have working relationships and have concluded a payroll convention with Us.
  1. Other partners of the Bank, such as Credit Bureau (including the transmission of payment delays data), other financial-banking institutions (for example, correspondent banks and other financial-banking entities participating in payment schemes/ payment systems and interbank communications such as SEPA, ReGIS, SENT, SWIFT), The National Pension House (in the case of pension rights payments through a bank account opened with Us), The Central Depository, pensions and/ or insurance companies, insurance brokers/ damage assessors, investment fund management companies providing for Us or, as the case may be, for which We provide various services, other entities (such as banks or credit institutions) within the context of assigments  or portfolio restructuring and/ or other rights of the Bank which arise from legal relations with you in the context of  assignment or restructuring of receivables portfolio and/or other bank rights born on the basis of legal relations with you.
  2. Entities from the Société Générale Group and BRD Group, under the terms of the law. To check out the complete Group structure, please access https://www.brd.ro/despre-brd/noutati-si-presa/ultimele-noutati

As a rule, We transfer personal data only in states belonging to the European Economic Area (EEA) or states that been recognized by a decision of the European Commission as providing an adequate level of protection.

We may, however, transfer personal data to other countries than those listed above if:

  1. The transfer if made on the basis of appropriate guarantees (such as, through the use of Standard Contractual Clauses adopted by the competent authority, by using other clauses - subject to their approval by the competent authority or the applicable Corporate Rules at BRD level);
  2. The transfer is necessary for the performance of the contract with you, for example if you want to transfer an amount of money from your account to a bank account located in a third country, We have to disclose your personal data in order to execute the requested bank transaction. 

Note: In order to be able to make a funds transfer abroad, the banks (including the Bank) uses the settlement services offered by SWIFT.

SWIFT temporarily stores SWIFT transaction data on servers located in the E.U., but also in the USA. Under applicable SWIFT legislation, it may be required to disclose to the US authorities data stored on US servers for money laundering prevention and fight against terrorist financing activities.

      3.Other cases allowed by the law.

We keep your personal data as long as necessary to meet the purposes for which it was collected, in compliance with the applicable legal provisions, as well as of the internal procedures on data retention (including the applicable archiving rules at BRD level).

For example, if you are our customer, We will keep your personal data, as a rule, throughout your contractual relationship with Us, with an additional period of at least 10 years.

If we will not enter into a banking relationship with you, your data collected during the initiation of pre-contractual arrangements will be retained for a period of 5 years.

Note: For customers represented by the agents/ other forms of representation, the bank will process the agent’s / representative’s data for the purposes set out in section "Why do we process personal data?" A above, according to the retention terms applicable to the documents relating to the operation covered by the mandate.

Upon request, you can obtain additional information regarding the retention periods applicable to your personal data.

According to the Law, you benefit from the following rights concerning the personal data processing that We perform:

  1. Right to access your personal data: you may obtain from Us the confirmation that We process your personal data, as well as information regarding the specific nature of the processing, such as: tthe purpose of the processing, the categories of personal data processed, the data recipients, the period for which the data are kept, the existence of the right to rectification, erasure or restriction of processing. This right allows you to obtain a free copy of the processed personal data, as well as any other extra copies, for a fee.
  2. Right to rectification: you may ask Us to have innacurate Personal data rectified and incomplete Personal data completed.
  3. Right to erasure: you may ask Us to erase your personal data when: (i) the data are no longer necessary for the purposes for which We have collected and processed them; (ii) you have withdrawn your consent and We can not process them on other legal ground; (iii) the personal data are unlawfully processed, respectively (iv) the personal data have to be erased for compliance with the relevant legislation.
  4. Consent  withdrawal: you may, at any time, withdraw your consent regarding the processing of your personal data, data processed on a consent basis.
  5. Right to object: you may object, at any time, to the processing of personal data for marketing purposes, including profiling for the same purpose and you may also object to processing based on Bank’s legitimate interest, for reasons related to your specifc situation.
  6. Right to restriction of processing: you may request to restrict the processing of your personal data if: (i) you contest the accuracy of the personal data, for a period enabling Us to verify the accuracy of the personal data; (ii)  the processing is unlawful and you refuse the erasure of the personal data and request the restriction of their use instead; (iii) the data is no longer necessary for the purposes of processing, but you require them for exercise or defence of legal claims; respectively (iv) if you have objected to the processing, pending the verification whether the legitimate grounds of the Bank as data controller override those of the  data subject.
  7. Right to data portability: you may ask us to furnish you your personal data that you have provided us  in a structured, commonly used and machine-readable format (e.g. CSV format). Should you expressly  request us, We can send your personal data to another entity, if possible from a technical point of view.
  8. Rights related to automated decisions that We adopt in our business: for details, please see Section „Automated Individual Decisions” above. The rights attached to automated decisions that We adopt in our activity: for details, please check, „Automated Individual Decisions”above.

  9. Right to file a complaint with the Supervisory Authority: you have the right to file a complaint with the Supervisory Authority if you consider that your rights have been infringed.

The National Supervisory Authority for Personal Data Processing

Bld. G-ral. Gheorghe Magheru

28-30 Sector 1, postal code 010336 Bucharest, Romania


Note: The right of access personal data, the right to rectification, the right to erasure, the right to restriction of processing, the right to object and the right to file a complaint with the National Supervisory Authority for Processing of Personal Data are also applicable to agent’s/ representative’s data, in case of clients represented by agents/ other forms of representation.



If you have any questions about this data protection notice or if you want to exercise your rights as a data subject, you may contact Us using the following contact details:


In the attention of: BRD Data Protection Officer (DPO)

Correspondence address: Blvd. Ion Mihalache, No. 1-7, Sector 1, BRD Tower,

postal code 011171, Bucharest, Romania

E-mail:  dataprotection@brd.ro

You can access here the document: Information Note on the processing of personal data Legal Entities Customers

You can access here the document: Information Note on the processing of personal data Self-Employed Persons/ Authorised Proffesionals 

You can acces here the document Information Note on the processing of personal data Individuals

You can access the document here: Information on the processing of personal data in the application for the prevention of credit risk and fraud