This Data Processing Notice describes how we, Raiffeisenbank (Bulgaria) EAD (the Bank), entered in the Commercial Register at the Registry Agency under UIC 831558413, with registered office and address of management: 1407 Sofia, 55 Nikola Vaptsarov Blvd., Expo 2000 Building, web: www.rbb.bg, tel. 0700 10 000, processes your data in the capacity of a controller of personal data within the meaning of the Personal Data Protection Act and the General Data Protection Regulation when using the Developer Portal (hereinafter named „sandbox”). The contents of this sandbox will grow over time and potentially also change significantly from the early iterations which may result in breaking backward compatibility. The sandbox facilitates the learning and should help you to become familiar with methods of accessing data within the Bank Initiative.
1. Personal Data actively provided by you during the registration; its processing purposes
The Developer Portal is a discretionary offer by Raiffeisenbank Bulgaria EAD. You must register through the website at https://developer.raiffeisen.bg/. By signing up to our Developer Portal you are providing registration data, such as your name and email address. The information that you provide in connection with your registration must be correct and complete, and you are responsible for maintaining such information up-to-date and accurate throughout the term of your registration. Upon successful registration, you may be provided with access credential, passwords, API security keys and other account information (the “Credentials”). The Credentials are, and will remain, the property of Raiffeisenbank Bulgaria EAD and you are granted a nontransferable license to use the Credentials for the sole purpose of participating in the Developer Portal. You must keep the Credentials confidential and may not sell, transfer, sublicense, or otherwise disclose your Credentials to any other person or for any other purpose. If you become aware or if you suspect that the confidentiality of your Credentials has been compromised, you are obliged to inform Raiffeisenbank Bulgaria EAD without undue delay. You must not attempt to circumvent or modify any Credentials or other security mechanism used by Raiffeisenbank Bulgaria EAD in connection with the Developer Portal.
By registering a new application in the portal you are providing the application´s name. When requesting “Go Live” for an application we ask you to provide personal and company information such as your organization’s name, its address, phone number and email address. For further processing additional information will be requested for example via email and/or direct contact between the Bank and you. The collection of the Registration Data is necessary to administer your access to and improve your interactions with the Developer Portal, to verify your identity, to create a user account and to provide the services to you. The legal basis for the processing of such Registration Data is the contract on the use of the Developer Portal concluded with you. The provision of that Registration Data is compulsory. If you do not provide the Registration Data, you cannot use the Developer Portal.
Personal data processed by the Bank are part of the following categories of data subjects: the developer – to the extent the developer is a natural person (even after the cessation providing the aforementioned services), legal or conventional representatives of the developer for the purposes mentioned above (generally named hereinafter “Data Subjects”). Such personal data is above mentioned and is processed at the beginning of starting the relationship with the Bank with the occasion of creating the developer’s account or during such relationships (including activity tracking in the sandbox).
2. Data Retention Period
We will keep your personal data for a period of time not exceeding 10 years from the yearfollowing the year of termination of the relationship in respect of which your personal data hasbeen collected and as long as there is no other reason to process the data.We will keep your data for the following reasons:
the documents relating to the transactions and operations carried out, as well as thedocuments relating to the establishment and maintenance of business or professional relations.
legal claims; a process of managing (not)credit frauds and using accounts with the Bank toengage in illegal activities;
The storage and processing of your data after the expiration of the aforementioned period is permissible, if its deletion is prevented due to legal, regulatory or technical reasons, or for reasons related to the implementation of measures to prevent unlawful behavior, minimize the risk of credit frauds and to assist state bodies / institutions in this connection. This includes cases of court proceedings or other disputes arising out of legal relationships between you and the Bank, changes in the legal requirements regarding the retention of a specific type of information, and other objective reasons that delay data erasure.
3. Recipients of personal data
Within Raiffeisenbank Bulgaria EAD, those offices are given access to your data which require them in order to perform our contractual and statutory obligations. Service providers and vicarious agents employed by us may also receive data for these purposes if they observe our written instructions under data protection legislation. These are mainly companies from the categories listed below
4. Your rights
Pursuant to the applicable data protection legislation you may have the right (i) to request access to your personal data, (ii) to request rectification of your personal data, (iii) to request erasure of your personal data, (iv) to request restriction of processing of your personal data, (v) to request data portability, (vi) to object to the processing of your personal data (including objection to profiling; also other rights in connection with automated decision-making).
Below please find further information on your rights:
To exercise your rights please contact us as stated under Sec. 5 (Contact us) below.
You also have the right to lodge a complaint with the competent data protection supervisory authority.
You are prohibited from and you will not engage particularly in any of the following activities:
A violation of any of the foregoing may result in the immediate termination of your access to the Developer Portal and the APIs.
6. Contact us / Data protection officer
In order to protect your data in the course of its processing by Raiffeisenbank (Bulgaria) EAD, the Bank appoints a Data Protection Officer, tel.: 02/91985783, e-mail: firstname.lastname@example.org.
You can contact the Data Protection Officer on all matters relating to the processing of your personal data and the exercise of your rights under the applicable personal data legislation.