INTRODUCTORY PROVISIONS
The purpose of this Privacy Policy is to provide you with an overview of how Naša banka ad Banjaluka (hereinafter: Our bank, the Bank, the Controller) processes your personal data and to familiarize you with your rights regarding the processing of personal data. The Bank treats all data and information about its users obtained in the course of its daily activities in a confidential manner, and their disclosure or disclosure is permitted only with the prior written consent of the user or at the request of authorized supervisory and investigative authorities in accordance with legal regulations.
CONTROLLER INFORMATION
The controller of personal data processing is: – NAŠA BANKA AD BANJALUKA, Ivana Franje Jukića 1, 78 000 Banja Luka,
JIB: 4400390820006, www.nasa-banka.com For more information about the processing of your personal data, you can contact the Data Protection Officer via e-mail: zastitalicnihpodataka@nasa-banka.com , by mail to the Bank's address or by calling the Bank's Contact Center at 080050213.
PERSONAL DATA COLLECTED AND PROCESSED BY THE BANK:
Personal data is considered any data relating to a natural person whose identity has been determined or can be determined.
The Bank, within the framework of its registered activities, collects and processes personal data that clients (Data Holders) directly communicate to the Bank when establishing a business relationship with the Bank (data on gender, age, education, employment, family status, etc.), data on JMB, personal documents submitted by the client to the Bank, transactions carried out by the data holder, products and services used by the client, individual credit rating, contact data (e.g. address, contact phone number, e-mail address), and special categories of data. Information may be collected in various ways, including: electronic banking, mobile banking, e-mail messages, via telephone and in-branch conversations, when registering for the use of services, publicly available data on social networks, in user satisfaction research or product promotion. In addition, data may be collected from the registry registers of state and other institutions, and from other legal entities, all in accordance with the Law or a concluded legal transaction.
The Bank keeps records of personal data collections that show the types of personal data and the purpose of data processing.
PURPOSE OF PERSONAL DATA PROCESSING AND LEGAL BASIS
Processing of personal data for the purpose of fulfilling contractual or pre-contractual obligations The Bank processes personal data for the purpose of fulfilling the contractual obligations of the client and the Bank, or for the purpose of providing banking services and products (e.g.: opening and maintaining accounts, making payments, for savings purposes, credit services, m-bank and e-bank services, etc.). All information about the business relationship between the Bank and the client constitutes a trade secret. The user agrees that the Bank may forward part of his business information and personal data to a third party, in the country and abroad, based on legal regulations and the contractual relationship.
Processing of personal data based on legal regulations In carrying out its registered activity, the Bank processes personal data in compliance with legal regulations governing the banking sector, personal data protection, provision of payment services, prevention of money laundering and terrorist financing, as well as legal regulations defining the protection of personal data in the EU, which are not in conflict with the legal regulations of BiH.
Processing of personal data through video surveillance
In addition to the above, the Bank processes personal data of clients through video surveillance in accordance with legal regulations. When performing video surveillance, the recording of the person who was in the field of view of the video cameras installed in the Bank's premises is processed, as well as the date and time of recording. Video surveillance is carried out as a basic security measure for the protection of persons and premises in transactions with cash and other valuables. The recipients of the data are, at their justified request, state authorities - courts, prosecutors' offices, law enforcement agencies, by order of the court or prosecutor's office or in the event that the recordings are requested for a committed offense in accordance with the Law on Misdemeanors. Processing of personal data based on the consent of the client - data subject The Bank processes the client's personal data solely on the basis of the client's written consent for the purposes specified individually in the consent. The consent must contain the name of the Bank (Controller) and the time period for which it is given. The client may withdraw/revoke the given consent at any time, but the withdrawal of consent does not affect the lawfulness of data processing based on the consent that was carried out before its withdrawal. The processing of personal data based on consent is also used for marketing purposes (e.g. sending notifications to clients about promotions, offers, benefits offered by the Bank and other advertising material).
RECIPIENTS OF PERSONAL DATA
Access to the personal data of the client within the Bank is granted to the Bank's employees, based on the authorization and assigned rights to access information, who, based on the employment contract and systematization of their jobs, perform the tasks of providing the Bank's services to the client. Recipients of personal data may also be Processors who process the client's personal data on behalf of the Bank, and with whom the Bank has concluded business cooperation agreements. The Bank's employees and Processors are obliged to keep all confidential client data as a business secret. The Bank may not provide personal data to a third party without the client's written consent, unless it is in the public interest.
TECHNICAL AND ORGANIZATIONAL MEASURES FOR THE PROTECTION OF PERSONAL DATA
The Bank undertakes a number of activities aimed at protecting the personal data of its clients in order to prevent the destruction, loss, alteration of data (e.g. reduction of the amount of data, the scope of their processing, the storage time and their availability, etc.), as well as the unauthorized use and disclosure of the personal data of its clients. The Bank processes personal data only to the extent, scope and for the period of time necessary to fulfill the purpose for which the data was collected.
STORAGE PERIOD OF PERSONAL DATA
The Bank stores personal data only for as long as necessary to achieve the purpose for which the data was collected or processed, unless otherwise defined by law. After the purpose of their processing has been fulfilled, and unless there is another legal basis, the client's personal data will be deleted, destroyed, blocked or made anonymous.
DATA SUBJECT RIGHTS – Your rights
Right to access information - As a data subject, you have the right to request confirmation from the Bank whether it processes your personal data, for what purpose it processes it, the legal basis and duration of the processing, the controller, the method of collection, and a third party if it has access to your personal data.
Right to deletion, correction, addition or blocking - The data subject has the right to request in writing from the Bank the correction, deletion, addition or blocking of data that they determine is incorrect, incorrectly stated, the legal basis or legal period for data retention has ceased to exist, or the Bank processes data contrary to the law and rules relating to data processing.
Right to restriction of processing – The data subject has the right to request in writing from the Bank the restriction of processing of personal data when he/she disputes the accuracy of the data or the Bank processes the data unlawfully.
Right to data portability – The data subject has the right to request in writing from the Bank the transfer of their personal data, subject to the fulfillment of the conditions prescribed by the "General Office for Personal Data Protection", if they are not in conflict with the "Law on the Protection of Personal Data of BiH". Personal data that is processed may be transferred from Bosnia and Herzegovina to another country or provided for use by an international organization that applies adequate personal data protection measures prescribed by the aforementioned law.
Right to object – The data subject has the right to submit a reasoned objection to the Bank in writing if he/she believes that his/her right has been violated or there is a direct risk of violation of his/her rights. You can submit requests for the protection of your rights in writing to the nearest business unit of the Bank, to the address of the Bank's head office or via e-mail. The Bank is obliged to respond to your request within 30 days from the date of receipt of the request.
AUTOMATIC DECISION MAKING
The Bank, in accordance with applicable regulations, does not conduct automated individual decision-making (automatic processing of personal data) and does not create profiles when performing video surveillance.
USE OF THE BANK'S WEBSITE AND COOKIES
The terms of use of the Bank's website are regulated by a separate document, the General Terms of Use of the Website and the Cookie Policy.
CHANGE TO PRIVACY POLICY
The Bank reserves the right to amend this Privacy Policy in order to align it with changes in legislation and technology. Amendments to the Policy shall apply from the date of publication on the Bank's website. Anything not specifically stated in this Privacy Policy or in the contract between the Bank and the personal data subject shall be subject to the provisions of applicable legislation and the General Data Protection Regulation of the EU insofar as it does not conflict with the positive legal norms in Bosnia and Herzegovina. For all other questions related to the Privacy Policy, please contact us at the following e-mail address: zastitalicnihpodataka@nasa-banka.com
This document was last modified on November 3, 2025. year.