A business user may be any legal entity, body of state authority, local or regional self-government unit and their body, association and society (sports, cultural, charity, etc.) as well as any natural person (non-consumer) active within the scope of their registered economic activity or free occupation.
Affiliates with a business user can be: natural persons; business user owners; business user representatives; procurators; business user assignees; transaction account assignees; electronic banking users; business card users; guarantors; co-debtors; pledgors, and other natural persons whose personal information the business user provided to the Bank for use for the purposes of establishing and maintaining a business relationship (hereinafter: the Client).
The amount of personal data that the Bank collects depends on the requested service or product from the Bank’s offer. When establishing a business relationship, or subsequently following a status or other change, the Bank is obliged to collect data for which there is a statutory and regulatory obligation to collect and carry out measures of depth analysis or reporting to the competent authorities. The data for which a statutory obligation to collect has been laid down by the regulations governing the prevention of money laundering and terrorist financing, regulations regulating the operation of credit institutions, tax regulations and regulations regulating administrative cooperation in the field of taxation, regulations regulating the capital market and fund management. As a basis, the Bank collects the Client’s identification data.
With credit products, the Bank collects a larger set of personal data, to carry out adequately the assessment of the risk of establishing and maintaining such a business relationship. In addition to identification data, the Bank usually collects financial and property records, records of disputes, including criminal, and contact details of the Client. Due to the legal obligation of risk management, in the process of processing the loan application, the Bank conducts business user and related persons checks in credit registers. If the applicant does not have the appropriate credit rating or the loan participant does not provide the personal information needed to assess the risk or to secure the loan, the Bank will reject the claim for the credit product.
The Bank collects personal information of the Client through request and application forms, and other forms for products and services from its offer, through other communication channels available for clients through both the personal identification document and other documents that the client has made available to the Bank. The Bank stores these personal information in the purpose of establishing and maintaining a business relationship and providing quality service to clients. If the request, application form or other form is not filled in by the Client as an employee to the business user, the Client’s personal information is transmitted to the Bank by the business user as the employer of the Client, or the person representing the business user. In this case, the person from whom the Bank has received the Client’s personal data is obliged to notify the Client about the transfer of his personal data to the Bank, including information about the rules and principles set forth in the Personal Data Protection Policy of Hrvatska poštanska banka, the public limited company.
In addition to the personal data collected from the Client, personal data is collected from publicly available sources and registers, such as court register, craft register, business entities database and business search engine.