This Data Processing Notice describes how we, Raiffeisenbank (Bulgaria) EAD (the Bank), entered in the Commercial Register at the Registry Agency under UIC 831558413, with registered office and address of management: 1407 Sofia, 55 Nikola Vaptsarov Blvd., Expo 2000 Building, web: www.rbb.bg, tel. 0700 10 000, processes your data in the capacity of a controller of personal data within the meaning of the Personal Data Protection Act and the General Data Protection Regulation when using the Developer Portal (hereinafter named „sandbox”). The contents of this sandbox will grow over time and potentially also change significantly from the early iterations which may result in breaking backward compatibility. The sandbox facilitates the learning and should help you to become familiar with methods of accessing data within the Bank Initiative.
1. Personal Data actively provided by you during the registration; its processing purposes
The Developer Portal is a discretionary offer by Raiffeisenbank Bulgaria EAD. You must register through the website at https://developer.raiffeisen.bg/. By signing up to our Developer Portal you are providing registration data, such as your name and email address. The information that you provide in connection with your registration must be correct and complete, and you are responsible for maintaining such information up-to-date and accurate throughout the term of your registration. Upon successful registration, you may be provided with access credential, passwords, API security keys and other account information (the “Credentials”). The Credentials are, and will remain, the property of Raiffeisenbank Bulgaria EAD and you are granted a nontransferable license to use the Credentials for the sole purpose of participating in the Developer Portal. You must keep the Credentials confidential and may not sell, transfer, sublicense, or otherwise disclose your Credentials to any other person or for any other purpose. If you become aware or if you suspect that the confidentiality of your Credentials has been compromised, you are obliged to inform Raiffeisenbank Bulgaria EAD without undue delay. You must not attempt to circumvent or modify any Credentials or other security mechanism used by Raiffeisenbank Bulgaria EAD in connection with the Developer Portal.
By registering a new application in the portal you are providing the application´s name. When requesting “Go Live” for an application we ask you to provide personal and company information such as your organization’s name, its address, phone number and email address. For further processing additional information will be requested for example via email and/or direct contact between the Bank and you. The collection of the Registration Data is necessary to administer your access to and improve your interactions with the Developer Portal, to verify your identity, to create a user account and to provide the services to you. The legal basis for the processing of such Registration Data is the contract on the use of the Developer Portal concluded with you. The provision of that Registration Data is compulsory. If you do not provide the Registration Data, you cannot use the Developer Portal.
Personal data processed by the Bank are part of the following categories of data subjects: the developer – to the extent the developer is a natural person (even after the cessation providing the aforementioned services), legal or conventional representatives of the developer for the purposes mentioned above (generally named hereinafter “Data Subjects”). Such personal data is above mentioned and is processed at the beginning of starting the relationship with the Bank with the occasion of creating the developer’s account or during such relationships (including activity tracking in the sandbox).
2. Data Retention Period
We will keep your personal data for a period of time not exceeding 10 years from the year
following the year of termination of the relationship in respect of which your personal data has
been collected and as long as there is no other reason to process the data.
We will keep your data for the following reasons:
- In order to be able to meet your requests for information;
- In order to be able to answer your questions and complaints;
- In order to be able to prove the fulfillment of our commitments to you;
- In order to fulfill the statutory obligations to the Bank regarding retention of client data and
the documents relating to the transactions and operations carried out, as well as the
documents relating to the establishment and maintenance of business or professional relations.
- In order to be able to fulfill our legal obligations in relation to reporting and capital
- In order to exercise our legitimate interests, e.g. for establishing, filing and defending
legal claims; a process of managing (not)credit frauds and using accounts with the Bank to
engage in illegal activities;
The storage and processing of your data after the expiration of the aforementioned period is permissible, if its deletion is prevented due to legal, regulatory or technical reasons, or for reasons related to the implementation of measures to prevent unlawful behavior, minimize the risk of credit frauds and to assist state bodies / institutions in this connection. This includes cases of court proceedings or other disputes arising out of legal relationships between you and the Bank, changes in the legal requirements regarding the retention of a specific type of information, and other objective reasons that delay data erasure.
3. Recipients of personal data
Within Raiffeisenbank Bulgaria EAD, those offices are given access to your data which require them in order to perform our contractual and statutory obligations. Service providers and vicarious agents employed by us may also receive data for these purposes if they observe our written instructions under data protection legislation. These are mainly companies from the categories listed below
- Public authorities and institutions (e. g., BNB, ECB, NRA, NSS, SANS, court, Commission for Personal Data Protection) insofar as a legal obligation exists.
- Other credit and ﬁnancial services institutions, comparable institutions and processors to whom we transfer personal data in order to perform the business relationship with you. Speciﬁcally: support / maintenance of EDP/ IT applications, archiving, data destruction, website management.
4. Your rights
Pursuant to the applicable data protection legislation you may have the right (i) to request access to your personal data, (ii) to request rectification of your personal data, (iii) to request erasure of your personal data, (iv) to request restriction of processing of your personal data, (v) to request data portability, (vi) to object to the processing of your personal data (including objection to profiling; also other rights in connection with automated decision-making).
Below please find further information on your rights:
To exercise your rights please contact us as stated under Sec. 5 (Contact us) below.
You also have the right to lodge a complaint with the competent data protection supervisory authority.
You are prohibited from and you will not engage particularly in any of the following activities:
- reverse engineer, disassemble, reconstruct, unmask, reverse assemble or decompile any object code of the platform, any RBBG(Bank) test data, API or any other data provided by Raiffeisenbank Bulgaria EAD in connection with the Developer Portal and the APIs;
- attempt unauthorized access to, or use of, Raiffeisenbank Bulgaria EAD’s services or systems;
- damage, disrupt, or otherwise negatively affect the operation of Raiffeisenbank Bulgaria EAD’s network or conducting denial of services attacks, finding or exploiting vulnerabilities in Raiffeisenbank Bulgaria EAD’s security;
- generate unnecessary or excessive calls or volumes of activity on or through API;
e. engage in any activity that prevents any other developer from using the Portal or the API;
- use any robot, spider, site search or other application to retrieve or index Portal;
- use any robot, spider, or other automatic device to create accounts on Portal;
- collect information about other developers;
- introduce any viruses, worms, trojans, webbots, trapdoor or other malicious code;
- disable, hack disrupt, damage or interfere with the Portal or the API;
- use the Portal and the API in a manner that may be regarded as being false or misleading to us;
- distribute, disclose, publish, market, sell, rent, lease, sublicense or assign to any third party any information to which you have access via Developer Portal without prior express consent of Raiffeisenbank Bulgaria EAD.
A violation of any of the foregoing may result in the immediate termination of your access to the Developer Portal and the APIs.
6. Contact us / Data protection officer
In order to protect your data in the course of its processing by Raiffeisenbank (Bulgaria) EAD, the Bank appoints a Data Protection Officer, tel.: 02/91985783, e-mail: email@example.com.
You can contact the Data Protection Officer on all matters relating to the processing of your personal data and the exercise of your rights under the applicable personal data legislation.