Approved
By Resolution #11.05/02-20
Of JSC “Basisbank” Board of Directors from May 11, 2020
Privacy Policy
1. Introductory provisions
1.1. The present data protection policy (hereinafter referred to as “the Policy”) of JSC “BasisBank” (Licensed Commercial Bank, Identification Code 203841833, according to the legislation of Georgia; hereinafter referred to as the Bank or W), based on internationally recognized principles and the legislation of Georgia, establishes framework principles regarding personal data processing conditions.
2. Policy scope, changes
2.1. Present policy applies to the Bank and is used while processing personal data.
2.2. Policy applies to natural persons (clients of the bank) (hereinafter “the Client” or “Subject of data”), to employees of the Bank and Contractors of the Bank.
2.3. The Policy does not apply to anonymous and non-identified data (e.g. data for statistical evaluation or research purposes), because they are not identified as personal data. Herein only information that provides possibility of direct or indirect identification of an individual, by identification number or by physical, physiological, psychological, economical, cultural or social signs, is considered as personal data.
2.4. Policy can be updated periodically. The latest version of policy is available on the web-page of the Bank: www.basisbank.ge
3. Principles of personal data processing
3.1. While processing personal data, the rights of the data Subject shall be preserved. Personal data shall be collected and processed lawfully and fairly.
3.2. Personal data may only be processed for the purposes it has been collected for. Further changes in data processing purposes can be made only in exceptional cases and require the existence of appropriate grounds.
3.3. Data Subject shall be informed about how the existing data concerning the Data Subject is processed. Generally personal data must be obtained/collected from the very person who is directly related to the specified data.
3.4. Processing of data by the Bank for the purposes prescribed hereunder shall be continued for a period corresponding with the objectives and interest of the Bank and/or is required by the Governing bodies and/or provided by Law.
3.5. Protected personal data shall be as accurate and complete as possible and updated in case of need. It is necessary to take measures for the purpose of deleting, correcting, adding or updating inaccurate or incomplete data.
4. Data processing scope
4.1. While using the Bank service and as well after the termination of the contract, the Bank is entitled to process existing information about the data Subject, including his/her personal data, for purposes provided hereunder.
4.2. Processing of data by the Bank without any limitations includes any action performed towards the data, using automatic, semi-automatic, non-automatic means, particularly obtaining information from data Subject or the Third Parties specified hereunder, collecting information, recording, photocopying, audio recording, video recording, filing, saving, replacing, recovering, requesting, using or disclosing (including requesting information from and/or disclosing information to/for the third parties provided hereunder, who will afterwards carry out processing disclosed/requested data for the purposes provided hereunder) by transferring, spreading or in any other ways making information accessible, grouping or combining of information, its blocking, deleting or destroying.
4.3. Data processing of existing information concerning the data Subject or the Third parties specified by data Subject is carried out by the Bank and/or by the Third parties specified hereunder (including without any limitations, by any authorized persons under the order of the Bank and/or when the Bank itself is an authorized person and acts under the order and in favour of the Third persons/parties, as data processor) and/or transfer of abovementioned information to the Third parties provided hereunder for the specified purposes that includes but is not limited to:
4.3.1. Full name of data Subject;
4.3.2. Identification number and/or its unique indicators of electronic identification;
4.3.3. Legal and/or real address of residence;
4.3.4. Phone/mobile phone;
4.3.5. email;
4.3.6. Credit history (negative as well as positive, including current/past liabilities, credits and details of their repayment) and insolvency status (points of evaluation of data Subject’s insolvency, its criteria and/or methodology);
Joint-Stock Company “BasisBank”
4.3.7. Movable and immovable property owned/being under the possession of data Subject and characteristics of the property;
4.3.8. Data regarding Employees and also information on employment terms (location of employment, salary, working hours etc.);
4.3.9. Any data regarding account(s) existing with the Bank and in other Commercial Banks operating in Georgia, including, without limitation, balances for specific times and dates on these accounts and transactions carried out on such Accounts for the certain period;
4.3.10. Any data on cards and relevant card accounts issued/emitted by the bank by other Commercial banks operating in Georgia including, without limitation, balance existing on these cards for a specific time and date and transactions carried out on such card accounts, as well as their access codes;
4.3.11. Details of data Subject Account/clients data fixed with different payment providers (including without limitations to Account/Subscribers number, address, balance existing for the certain time and period on Subscriber’s Account and/or indebtedness, and/or transactions carried out on subscribers accounts and/or balance replenishment and/or debts payment etc.).
4.3.12. Any data disclosed with different electronic channels and/or internet (including but not limited to records so called cookies etc.) activity of data Subject and/or third parties specified by him in said channels (including without restriction, history of log ins, implemented actions or transactions in such channel(s));
4.3.13. Information about family members, relatives, or other people residing at the address;
4.3.14. Any other data related to Data Subject and that enables identification and/or characterisation and/or definition of risk profile of Data Subject and/or his grouping with other persons by physical, physiological, psychological, economic, cultural or social signs or by transactions activity specified or considered by above mentioned sub clauses.
4.4. If Data Subject provides the Bank with the information about third parties (holder of additional card, guarantor, family members, employer or other) for the purpose of receiving service, including but not limited to personal data, insolvency, property status etc., and the Bank processes the data including personal data, for the purpose of providing the banking services and/or for the marketing goals, then Data Subject is obligated himself/herself to obtain consent of said persons about processing their personal data by the Bank. The fact of providing the Bank (or its authorized entity) with such information by Data Subject implies obtaining consent from such persons and does not require consent to be obtained by the Bank. Data Subject is responsible for any damage/loss that could arise to the Bank in case of non-fulfillment or improper fulfillment of responsibilities by Data Subject. Data Subject agrees to reimburse and protect the Bank from any damage (including without any limitations, damage from the results obtained), from the claim, expenses (that includes without any limitations the expenses that the Bank shall incur to exercise its authority), legal proceedings and any other liabilities that may arise as a result of such violations.
4.5. Processing of personal data (including without any limitations, to web-browser, web-page of the Bank, internet-banking, mobile-banking, mobile applications of the Bank, payboxes, ATMs and/or other technical facilities or channels used for data transfers) in electronic channels of the Bank regarding the Data Subject also includes recording of activity of Data Subject (e.g. identification of location of Data Subject while using the electronic channel, description and analyses of data fixed at search field, recording frequency of products choosing and/or other statistical data and their analyses) and/or using other data provided by the Data Subject (e.g. contact details of Data Subject and/or the Third parties).
5. Grounds of data processing
5.1. Data Subject is aware and agrees that within the period of using services of the Bank and also after termination of the Contractual relationships processing of data (including personal data of Data Subject or the Third party(s) specified by him) is necessary:
5.1.1. In order to consider Application submitted by Data Subject and/or to provide him/her with relevant services;
5.1.2. In order to protect legitimate interest of the Bank and/or the Third party(s);
5.1.3. In order for the bank to fulfill liabilities imposed by the legislation;
5.1.4. To make marketing offers to the Data Subject;
5.1.5. In other cases envisaged by the Law;
5.2. If the legislation requires presence of the consent of Data Subject in order to process personal data, any electronic and/or non-electronic application made by the Data Subject shall be considered as such consent, by which Data Subject agrees with the present policy.
6. Purposes of data processing
6.1. Processing of data of Data Subject or data of the Third parties specified by Data Subject by the Bank or the Third Party provided hereunder shall be possible to be carried out for the various purposes including but not limited to:
6.1.1. For complete and proper implementation of banking services;
6.1.2. In cases provided by Law, for accessibility of information to Audit Companies, to potential antecedent or the cession, Regulatory Body, Controlling Body and other Supervisory authorities;
6.1.3. for the purpose of improving and developing banking services when the Bank is carrying out analyses of existing data of Data Subject, including analyses of credit history, statistics etc.;
6.1.4. for preparation of different reports, researches and/or presentations and for demonstrations;
6.1.5. for providing security, for identification and/or prevention of fraud, money laundering or other crimes;
6.1.6. Within the existing credit, for offering increasing of credit amount and/or changes to other conditions/terms of credit (including but not limited to credit term and interest rate) when obligatory precondition is rechecking of credit history of Data Subject for the moment of making proposal;
6.1.7. For the purpose of offering new or existing banking credit or non-credit products for offering of which the obligatory and/or preferred precondition by the moment of providing the offer is rechecking of credit and/or transaction history and/or behavioural characteristics of Data Subject;
6.1.8. For marketing purposes that implies periodically offering various products/services by the Bank as well as by the Third parties specified hereunder.
7. Processing of applicant’s or employees’ data
7.1. Processing of personal data for the purpose of conclusion, implementation and termination of employment contracts: the Bank is authorized to process the data of a person that became known to it during the process of making a decision regarding the person’s employment and/or internship (hereinafter the Applicant). If the applicant's candidacy for a specific position was rejected, the applicant failed to go through the selection process or the trial period ended unsuccessfully, then the applicant’s personal data must be destroyed except the cases when Applicant has given his/her consent to the Bank (electronic as well as non-electronic) and/or to Third persons for the further processing and transferring of his personal data for the purposes of considering of his candidacy for the other positions in the future.
7.2. If during the applicant selection process it becomes necessary to obtain information about the applicant from Third party(s), obtaining the abovementioned information must be carried out on the basis of legislation regarding personal data protection.
7.3. Personal data related to employment relations, that were not obtained in the process of concluding and implementing of employment contract could be processed if:
7.3.1. data processing is provided by Law;
7.3.2. there is a consent of the applicant (including consent expressed by electronic form, by action e.g. by statement, by submission of Application etc.),
7.3.3. Processing the Data is essential for protection of legitimate interest of the Bank or the Third person and/or
7.3.4. Data processing is carried out for the purposes prescribed by the Policy.
7.4. Processing of data of special category is applicable only by written consent of the Applicant (Data Subject) or without consent of Data Subject in cases directly provided under the law on personal data protection (including but not only for taking decision on employment).
7.5. Consent of Applicant for processing of special category data must be expressed clearly.
8. Transfer of data to the third parties/requesting data from the third parties
8.1. For the purpose of providing complete and proper service for the Data Subject by the Bank within the frames of data processing it is necessary to transfer the data to the Third party(s) specified hereunder and/or request of personal data about Data Subject from such person(s) or/and information on the Third Person(s) specified by Data Subject.
8.2. For the purpose of receiving banking services and its fulfilment with required volume, the Data Subject entitles the Bank with irrevocable right without additional prior or further consent of Data Subject:
8.2.1. the Bank is authorized to receive data necessary for the Bank recurrently from the electronic data base of LEPL – State Service Development Agency concerning the Data Subject;
8.2.2. Defined at his sole discretion and agreed with JSC “CreditInfo Georgia” and/or other subjects with similar activity (Identification code: 204470740, hereinafter “Creditinfo”), in an agreed form, rules and terms, to provide and/or request from CreditInfo information on Data Subject and/or concerning any additional card holder, that without any restrictions includes: identification data on Data Subject and/or persons specified by the Data Subject (any additional card holder, surety and other), the origin of basis of current indebtedness, credit history, volume, purpose, accrued interest and other conditions, validity period, timeliness of payment of debts related to indebtedness by Data Subject or persons specified by Data Subject (any additional card holder, surety and other), indebtedness balance, in case of existence of litigation / arbitration – the results of litigation / arbitration and Enforcement processes;
8.2.3. To give consent to CreditInfo to transfer to the third persons data provided to CreditInfo by the Bank regarding the Clients and/or the persons specified by the Data Subject (any additional card holder, surety and other), under the condition that transfer of data delivered by the Bank concerning the Data Subject and/or the persons specified by Data Subject (any additional card holder, surety and other) to the persons who also supply CreditInfo with information of similar content and which have concluded appropriate contract with CreditInfo;
8.2.4. To enquire, receive and use the data available at data base of Creditinfo regarding the Data Subject and/or the persons specified by the Data Subject (any additional card holder, surety and other);
8.2.5. Within the regulations of Law, the Bank is entitled to recurrently transfer data to the Third parties (including and not limited to related person(s), controlling/regulator authorities, Auditors, potential cessioners, companies providing to the Bank outsourcing services etc.), and/or receive from the said Third parties data (including but not limited to only personal data, account balances and/or indebtedness, information on transactions etc.), required for the Bank on Data Subject and/or the persons specified by the Data Subject (any additional card holder, surety and other).
9. Direct Marketing
9.1. Data Subject authorizes the Bank to send advertisement messages (direct marketing), audio and/or other type of notifications with frequency defined by the Bank via phone number, email or other contact info specified by Data Subject at the Bank until the Bank receives other indications from the Data Subject, in writing and/or via email and/or with form agreed by the Parties and/or established by legislation.
9.2. For the purpose of implementation of various marketing proposals Data Subject authorizes the Bank to transfer and/or disclose personal data of Data Subject existing in the Bank or other confidential information to party(s) related to the Bank. Besides, the Data Subject is empowered to require from related party(s) to terminate direct marketing in writing and/or via email, and/or form agreed by the Parties and/or established by legislation.
9.3. In order to avoid any suspicions, it shall not be considered as Direct marketing and Data Subject shall not be empowered to require the Bank to terminate sending various advertisement/informational messages if such advertisement/informational notifications are supplied to the Customer directly at the points providing banking services (e.g. advertisement banner, flyer, oral offer etc.) or at electronic channels (associated with the Bank) owned by the Bank (including ATM, internet-banking, mobile-banking).
10. Video surveillance and audio recording
10.1. For the purposes of information security, ownership and privacy, as well for the purpose of providing control over the service quality, in accordance with the requirements established by Law of Georgia on “Protection of personal data”, the Bank provides monitoring of external perimeter of the building(s), entrances and working places by means of video surveillance system(s) and audio recording, as well video surveillance is carried out by means of ATM and other electronic facilities, and audio recordings are carried out during the phone communications with the Bank.
10.2. Data Subject will be informed in appropriate way about existence of video surveillance and audio recording during the communication with the Bank and at the points of receiving banking services. On realising the necessity of video surveillance and audio recording Data Subject shall express his consent on processing of specified data.
11. Updating of data processing and storage period.
11.1. While using bank services and also after their termination the processing of information provided by present Article for the purposes specified hereunder (including for the LEPL - State Services Development Agency, JSC “Creditinfo Georgia” and for the purpose of transfer and/or receiving such information to/from the Third parties provided hereunder) will last for the period corresponding to the goals and interests of the Bank and/or requirements of Regulatory Body and/or provided by Law.
11.2. The data that were provided to the bank by Data Subject by means of electronic channels (web-browser, web-page of the Bank, internet-banking, mobile-banking, mobile applications and/or other technical facilities for data transfer) is not terminated in case of deletion of such information by Data Subject from electronic channels of data transfer; the storage of such data is carried out for the period corresponding to goals and interest of the Bank, requirements of Regulatory Body and/or provided by Law.
11.3. In case of request by Data Subject, the Bank provides the Client with information existing in the Bank about his personal data within the framework established by law. For issuing such information the Bank is authorized to set the service charge except the cases when obligation to provide information free of any charge is prescribed by Law.
12. Rights of the subject of data
12.1. Any subject of data is authorized to require information on type of information saved regarding him, how and for what purpose were collected said data;
12.2. If personal data was transferred to the Third parties, the Subject of data shall be provided, in reasonable period after his/her request, with information on identity of the Third party of Third parties Group;
12.3. If personal data is not correct, or is incomplete the Subject of data is authorized to demand correction or completion of such data;
12.4. Subject of data is entitled to submit a claim on processing of his/her personal data for advertisement or market/ opinion survey purpose. If Subject of data states his refusal on using of his data for advertisement purposes the using of such data for the purpose of advertising must be terminated.
12.5. Data subject is entitled to require processing of his data if there is no/ no more legislative ground for such data processing.
13. Confidentiality of data processing
13.1. Personal data is subject to data confidentiality. Obtaining, processing or using data by employees of the Bank, its Subsidiaries and/or Affiliated without permission is forbidden. Any processing of information not carried out by employees of the Bank, its Subsidiaries and/or Affiliated within the framework of their legitimate duties is considered as forbidden/illegal.
13.2. Employees of the Bank, its Subsidiaries and/or Affiliated persons are not entitled to use the personal data for individual or commercial purposes, disclosure of such information to unauthorized persons or provision otherwise accessibility to data. Employees’ Supervisors are obliged to inform new employees about the obligations to protect personal data and that obligation on protection of personal data is also valid after termination of employment Contract.
14. Security of Data processing
14.1. Personal data shall be protected from unauthorized access and illegal processing and/or disclosure, as well as from occasional loss, changes or destroying. Present regulation applies despite the form of information processing - electronic or in written (hard copy). Before introduction of the new methods of information processing, especially of new systems of information technologies, it is necessary to determine clearly and to introduce technical and organizational measures of data protection. Such measures shall be the latest and be based on data processing risks and obligations of their protection.
15. Control on data processing
15.1. Compliance with present policy of data protection and compliance with current legislation in data protection sphere is checked and controlled on regular basis. Such checking and control is carried out by Structural Unit(s) of the Bank empowered with relevant authority.
16. Obtaining of information/transfer from the third parties/to the third parties
16.1. Bank strictly keeps confidentiality of existing information on subject data, including personal data, though the Bank is entitled to carry out disclosure of information to the Third party(s) provided under the sub clause 16.2 (hereinafter referred to as the Third parties) or obtaining existing information on existing clients from the same Third parties if: (a) this is required for timely providing of information, (b) is determined by Law (e.g. client identification) and/or (c) serves the legitimate commercial purposes of the Bank.
16.2. Third parties:
16.2.1. Supervisory, regulatory or registration authorities, State or local self-governing bodies and legal entities founded by them (e.g. National Bank of Georgia; LEPL Financial Monitoring Service of Georgia);
16.2.2. Credit Bureau and/or Collectors organizations performing payments arisen from problem requirements and/or acquisition of said problem demands (cession).
16.2.3. International and local payment services Operators (e.g. Visa, MasterCard)
16.2.4. H2H (direct hosting when settlements and information exchange between payment providers are carried out without participation of international payments systems) participating processing companies and/or Commercial Banks;
16.2.5. Payment service providers and/or their Contractors (said objects use services of payment providers and implementation of this service is carrying out with participation of the Bank e.g. JSC “Telasi”);
16.2.6. International and local Operators of money transfers;
16.2.7. Contractors and/or corporate clients of the Bank, using payment services of the Bank for receiving payment of their own clients (subscribers) (so called billing);
16.2.8. Contractors of the Bank providing the Bank with outsource services, agreed with National Bank of Georgia;
16.2.9. Insurance company(s) (and any reinsurer) with which the Bank has concluded Contracts on insurance of banking risks.
16.3. The Client is aware and agrees, that list of the third parties is not complete, comprehensive and occasionally the number of third parties could be increased or decreased, though, despite terms of data processing, actions of Bank will be in compliance with requirements on “Protection of personal data” prescribed by Law of Georgia.