Mobi bankа a.d. Beograd (hereinafter referred to as: Bank) applies the provisions of the Law on Personal Data Protection (hereinafter referred to as: Law) and provisions of other regulations governing this area in the process of personal data processing. To implement the principles of lawful, fair, and transparent processing of personal data, the Bank has prepared this Data Privacy Notice to provide individuals (clients, potential clients, and other persons) with relevant information regarding the processing of personal data at one place. 

Definition of terms: 

"Personal Data" refers to any data related to a natural person whose identity is determined or determinable, directly or indirectly, particularly based on an identity marker such as name and identification number, location data, electronic communication network identifiers, or one or more features of their physical, physiological, genetic, mental, economic, cultural, and social identity; 

"Personal Data Processing" encompasses any action or set of actions performed, either automated or non-automated, with personal data or their sets, such as collection, recording, sorting, structuring into groups, and/or storing, adapting or altering, disclosing, consulting, using, disclosing by transmission, dissemination, or otherwise making available, aligning, restricting, erasing, or destroying (hereinafter referred to as: processing); 

"Data Subject" is the natural person whose personal data is being processed; 

"Controller" is a natural or legal person, or public authority, which alone or jointly with others determines the purposes and means of the processing – for the purposes of this notice, the Controller is the Bank; 

“Processor” is a natural or legal person, or public authority, which processes personal data on behalf of the controller. 

Data Controller 

Mobi banka a.d. Belgrade, Omladinskih brigada 88, corporate ID 17138669. 

Appointed Data Protection Officer: 

As part of the implementation of personal data protection standards prescribed by the Law, the Bank has appointed a Data Protection Officer for the protection of personal data who can be contacted with all inquiries and requests related to the processing of your personal data at the following addresses: 

Email: zastitapodataka.banka@mobibanka.rs 

Mail: Omladinskih brigada 88, 11070 Novi Beograd 

Types of Personal Data 

The Bank processes the following types of personal data: 

1. Data contained on the client's identification document,

2. Contact details of the client,

3. Data required for creditworthiness assessment and 

4. Other data necessary for fulfilling the specific purpose of processing. 

Also, immediately after downloading the Mobi banka ad Belgrade mobile application from Google Play, App Store or App Gallery and installation on device, the Bank will collect information about the device itself via the mobile device (operating system of the device, model, resolution, language, information about country/region), without which the use of the Bank's products and services through the mobile application would not be possible. 

Purpose and Legal Basis for Personal Data Processing 

The Bank processes personal data of natural persons for the purpose of providing banking services, products, performing pre-contractual activities, including but not limited to account opening and management, executing payments, various types of savings products, loans, sending text messages and notifications about account status and transactions performed with payment cards, maintaining contact with clients through various channels, monitoring customer satisfaction, resolving complaints, delivering promotional materials and information about benefits and new offerings, participation in prize draws, and other services and products that the Bank will provide to clients. 

Principles of Personal Data Processing: 

The Bank will process personal data: lawfully, fairly, and transparently in relation to the Data Subject; data will be limited in relation to the purpose of processing; data will be adequate, relevant, and limited to what is necessary; data will be accurate and kept up to date, whereby the client has the right to request correction of inaccurate data at any time; data will be stored for a period necessary to achieve the purpose of processing; data will be protected from unauthorized or unlawful processing, as well as from loss, destruction, or damage. 

Bases for Personal Data Processing: 

1) Processing based on consent 

The Data Subject has consented to the processing of their personal data for one or more specific purposes. 

The Data Subject is entitled to revoke consent at any time. Revocation of consent does not affect the legality of the processing that was carried out based on consent before its revocation. 

In the case of consent withdrawal, data processing is possible if there is a contractual relationship between the client and the Bank or another basis for processing (law or legitimate interest). 

2) Processing for the Purpose of Preparing, Concluding, and Fulfilling Contracts 

Personal data processing on this basis is carried out when necessary for the performance of a contract concluded with the data subject or for taking steps prior to entering into a contract, at the request of the data subject. 

3) Processing Based on Law and Other Binding Regulations 

The Bank processes personal data based on laws or other regulations to comply with the legal obligations of the controller (for example, according to the Law on Prevention of Money Laundering and Terrorism Financing, there is an obligation to keep client data for 10 years after the termination of the contractual relationship, etc.). 

4) Legitimate Interest 

Banks process personal data based on legitimate interest in the following cases: 

• Processing of personal data even after the expiration of data retention periods for the purpose of defending the Bank's interests in proceedings before various state authorities (courts, inspections, etc.); 

•  Processing of personal data related to fraudulent/unlawful activities of individuals to protect the Bank from potential losses and reputational consequences; 

• Obtaining a non-conviction certificate for employment purposes to protect the interests and reputation of the bank;

• Video surveillance of the Bank's premises and the area around the premises for security reasons. The Bank will display a video surveillance notice to inform individuals about it. In the case of cameras installed within ATM machines to identify unlawful activities, displaying a video surveillance notice is not necessary;

• Data on family members and property of certain employees in order to prevent conflicts of interest;

• Recording telephone conversations of the bank's Call Centre for recording submitted requests, conducting controls, and adequately processing all requests of the Data Subjects;

• To comply with regulations that are not directly applicable in the Republic of Serbia, in order to respect regulatory requirements that impact the Bank or the group to which the Bank belongs (e.g. FATCA regulations, sanction regimes imposed by the European Union and the United States);

• In other cases, where processing is necessary for realizing the legitimate interests of the controller or a third party, unless the interests or fundamental rights and freedoms of the data subject prevail.

Personal Data Recipients 

The Bank has the right to forward personal data relating to the individual, documentation relating to the individual, and other data considered as banking secrecy, data on obligations under contracts concluded between the Bank and the data subject, and the manner of their fulfillment and adherence to contractual provisions, to the National Bank of Serbia, Credit Bureau of the Association of Serbian Banks, Forum for the Prevention of Abuse in Credit and Payment Card Transactions at the Chamber of Commerce of Serbia, external auditor of the Bank, Yettel doo Serbia, members of the PPF group domestically and abroad, members of its bodies, its shareholders, and all other persons who due to the nature of their work must have access to such data, third parties with whom the Bank has concluded a contract regulating the handling of confidential data, as well as all other bodies or persons to whom the Bank is legally obliged to provide the relevant data.

Transfer of Data out of the Republic of Serbia 

Personal data may be transferred from the Republic of Serbia to other countries or international organizations only in accordance with the rules set by the Law on Personal Data Protection, internal acts of the Bank, and other regulations governing this area.

The Bank may share personal data with the PPF group to which it belongs, which implies the possibility of transferring personal data to other countries that are members of the European Union and/or the Council of Europe Convention on the Protection of Individuals with regard to Automatic Processing of Personal Data, where there is an adequate level of personal data protection. If the Bank intends to transfer personal data to countries that are not part of the aforementioned group, the transfer will be carried out in accordance with the Law on Personal Data Protection and respecting the prescribed standards for the protection of personal data. 

Retention Period of Personal Data 

The Bank will process and retain personal data collected for the purpose of executing rights and obligations from the business relationship for the entire duration of the contractual relationship, and thereafter only if there is consent from the individual, a legal obligation, or a legitimate interest of the Bank.

Personal data processed solely based on the consent of the data subject are processed in accordance with the purpose for which they were collected, or until the consent is withdrawn by the data subject. 

In the case where the client voluntarily submits their data to the Bank, the Bank will process them as necessary and within a period corresponding to the purpose of processing those data. An example includes submitting a CV or other documents to the published addresses of the Bank; submitting other documents, information, or data containing personal data, to the Bank's employees via electronic channels, orally through the Bank's Contact Center, or by other means. 

Rights of the Data Subjects in Relation to the Processing of Personal Data 

The Data Subject is entitled to access the personal data processed by the Bank. The data subject has the right to request correction, updating, deletion of data, as well as restriction of processing. The data subject has the right to object to the Bank at any time regarding the processing of personal data concerning him/her. 

In addition to the aforementioned rights, the data subject has the right to data portability, i.e., the right to receive the data previously provided to the Bank from it, for the purpose of transferring to another controller, and the right to have the data about him/her directly transferred to another controller by the Bank, if it is technically feasible and if, according to the Bank's assessment, the necessary standard of personal data transfer security is ensured. 

The data subject has the right to lodge a complaint with the competent authority (Commissioner for Information of Public Importance and Personal Data Protection) on the processing of personal data if he/she believes that his/her personal data is not being processed in accordance with the Law on Personal Data Protection. 

Automated Data Processing 

Within the business relationship between the Bank and the data subject, for the purpose of exercising rights and obligations arising from the same, the Bank may process client data entirely or partially in an automated manner, in order to offer and provide services that meet the specific needs of the data subject, as well as to improve the business relationship of the Bank with its clients. 

Cookie Policy 

A cookie is a text file stored locally on your computer, tablet, or mobile phone, which enables the recognition of a user returning to a website. 

The Bank's Internet Application uses cookies to optimize, i.e., to remember your preferred options regarding language, font size, and other display characteristics. This means that you do not have to state your preferences every time you visit the Bank's Application. No personal data is saved in this case, so these details cannot be used for personal identification. 

If you do not want a cookie to be stored on your computer, you must disable cookies for this website in your internet browser. You can delete previously installed cookies from your internet browser. 

In addition, the Bank uses software solutions for Web analytics that are integrated into the Bank's Applications and serve for the statistical analysis of the use of the Bank's Applications (Piwik, Google Analytics...).