Online Privacy Policy


Our online privacy policy

We at TBI Bank EAD (“Bank”, “We”, “Our” or “Us”) respect the privacy of your data and are committed to your right to lawful processing and protection of your personal information. Our privacy policy aims to give you a clear explanation how we use your personal data or any other data we may collect from you. You can rest assured that we protect the information we collect. By using our websites, products or services, you accept that we are collecting, using and sharing of your data in accordance with this Privacy Policy. Please visit http://www.tbibank.bg or http://www.tbibank.ro for more information about us. The privacy policy is reviewed and updated periodically. For the last time, we changed our Privacy Policy on February 28, 2018. See our archive for more information.

Why do we collect your data?

We use the data we collect for you to provide you with services and to improve our products and services; to help you and send you notifications, offers and promotions; in order to protect our rights and interests as well as those of third parties and to comply with the requirements of the applicable legislation. We use your information to: • process your applications and provide you with services; • confirm your identity (this may also include the use of face recognition, voice, fingerprint, or other biometric technologies, as well as online identification systems); • perform credit checks, assessing your ability to pay obligations to offer you appropriate services before establishing a contractual relationship; • identify, prevent and avoid fraud, money laundering, terrorist financing and other criminal activities; • fulfill our legal obligations arising, for example, from the Law on Credit Institutions, the Payment Services and Payment Systems Act, the Consumer Credit Law, the Money Laundering Act, the Act on Measures Against the Financing of Terrorism, laws regulating accounting activities, etc. .; • contact you, including to inform you of any changes related to us, our services or our contractual relationship; • refund all funds due; • administer the various services we provide, • provide and improve the quality of services; • manage and improve our websites, maintain their safety, and ensure that content is displayed on your device in the most effective way possible; • develop and offer new services; • for statistical and market research activities, to measure or detect the performance of the advertisements we offer, and to provide relevant ads for you; • we advertise (on websites and in mobile, mail, e-mail, telephone or SMS) products and services of our company, other companies in our group and third parties, including personalizing and adjusting our offers to your personal preferences; • analyze, update and apply new technologies in terms of your identification, risk assessment and creditworthiness, fraud prevention, money laundering or terrorist financing; and • any other legitimate use that is relevant to our relationship with you. In any case, we collect your personal data in a legitimate and reasoned manner under the applicable legal framework, namely: • For the purpose of concluding and / or implementing a contract with you; or • based on your consent, when necessary – Your consent will be requested in advance, if necessary, before processing your personal data; or • to fulfill our obligations under the applicable regulations; or • for the purposes of our legitimate interests, except when your interests and rights take precedence over our interests. INFORMATION PROVIDED BY YOU We may collect any information you provide to us:

  • When you sign up on our website, use our web or mobile apps, fill out forms or apply for loans and other products and services on our website, in our offices, at our partners’ offices or websites, or otherwise.
  • When reporting a problem or communicating with us about our products or services.
  • When you participate in discussion forums, promotions or surveys, comment on our blog or use other social media features on our website or other activities performed through our websites or social media.
  • When you participate in a competition, promotion or research in any way, including at our partners’ sites and trough social media.
  • If you otherwise communicate with us through the above methods.

The information you provide us may include: your name (surname, surname, surname, name), ID / PIN, address, email address and telephone number, date of birth, gender, marital status, number of underage children, employee name, business phone number, monthly earnings and costs, financial information and credit card details, bank account number, bank account transactions, personal description, voice recording (incoming and outgoing calls), photo orimage, copy an identity document signature, and any other information you choose to provide us with. In order to use the full range of our remote payment services we can request access to the contact list in your mobile device without processing any personal data of your contacts. We will register, store and may use the information you provide to us in the ways listed above. It is also possible to record our communication over the phone.


How do we collect your data?

We collect the information in three ways:

  1. When you provide us with information, for example, in attendance, by filling out our applications (including our partners’ and agents’), on our websites, social media, mail, e-mail, telephone, live chat or in any other way,
  2. automatically when you use our websites or products, and
  3. when provided by third parties, for example, credit registers, other companies in our group or partners.

Much of our automatic data collection is done by using cookies, tracking signals or other similar technologies. For more information, please see our Cookies and Tracking Policy.


What information do we receive from you?

Data may be collected and processed while you are using our websites, mobile applications, or using our services, or when you communicate with us through other means. We can collect information such as your name, ID, date of birth, gender, address, email, telephone, employment data, IP address, device ID, location, financial and billing information, including details of your obligations, etc.:

  1. Information provided by you:

We may collect any information you provide to us: • When you sign up on our website, use our web or mobile apps, fill out forms or apply for loans and other products and services on our website, in our offices, at our partners’ offices or websites, or otherwise. • When reporting a problem or communicating with us about our products or services. • When you participate in discussion forums, promotions or surveys, comment on our blog or use other social media features on our website or other activities performed through our websites or social media. • When you participate in a competition, promotion or research in any way, including at our partners’ sites and trough social media. • If you otherwise communicate with us through the above methods. The information you provide us may include: your name (surname, surname, surname, name), ID / PIN, address, email address and telephone number, date of birth, gender, marital status, number of underage children, employee name, business phone number, monthly earnings and costs, financial information and credit card details, bank account number, bank account transactions, personal description, voice recording (incoming and outgoing calls), photo or image, copy an identity document signature, and any other information you choose to provide us with. We will register, store and may use the information you provide to us in the ways listed above. It is also possible to record our communication over the phone.

  1. The information we collect for you automatically:

Whenever you visit our website or use our mobile apps, we can automatically collect the following information: • Technical information, including the type of device, Internet Protocol (IP) address, and Internet Service Provider (ISP) used to connect your device to the Internet, your login information, plug-in type and version, time zones, operating system and platform, screen resolution, device locations, including specific geographic locations, such as GPS, Bluetooth or WiFi signals, font encoding; • Information about your visit, including the full Unified Resource Locators (URL), the sequence of clicks to, through, and from the website (including date and time); the products you’ve watched or searched for; (e.g., HTML pages, charts, etc.), page response time, download errors, duration of page visits, page interaction information (such as scrolling, clicking, and moving the mouse over certain items); the methods used to reach and exit pages, the date / time and / or click data, the types of content you see or interact with, other websites and apps you’ve visited, and any phone number used to call our call center. Please also see the section “How do we collect your data?”

  1. Information we receive from third parties.

We may request information about you from third parties, such as other companies in our group or credit bureaus. We do so in accordance with this Privacy Act and Regulation 2016/679 of the European Parliament and of the Council on the protection of individuals with regard to the processing of personal data and on the free movement of such data and, where necessary, we will receive and your prior consent. We may receive information from you from the following third parties in the following ways: In the course of each application you make for a loan or similar product, we may:

  • look for information about you, your creditworthiness, your financial condition, past and present debts and debts, employment in relevant registers (including registers containing income information, credit history, debts to third parties, addresses, invalid identity documents, money laundering and terrorist financing, and politically represented individuals), agencies, financial institutions, other companies in our group and other third parties and publicly available sources;
  • obtain the information you provide to credit intermediaries and our business partners when applying for services;
  • receive information from banks, financial and payment institutions about your payments to us.
  • from other companies and trading partners of TBI Bank EAD, with whom we cooperate in regard to the competitions, promotions or surveys in which you participate;
  • business partners in technical and payment services, advertising networks, analytics providers, search providers when we use them to provide services;
  • in any other case, when you have agreed to disclose your data to us.

How long do we keep your data?

We may retain your personal information for a certain amount of time after you have ceased to be a customer in order to guarantee our legitimate interests in the event of disputes or as required by law. Normally, we keep your personal data within the required timeframe, considering the purposes for which it was collected; primarily to carry out our contractual relations with you, exercise our legitimate interests or comply with legally prescribed storage deadlines.

Do we share your data?

We may share your data to provide you with services or to develop new ones; to verify creditworthiness and risk assessment; for the purpose of debt collection; when we sell all or part of our business, and to comply with relevant laws and regulations, etc. We may disclose your personal data to other companies in the group of TBI Bank EAD and / or 4 Finance for internal administrative purposes. We may share your data with other companies in the Group of TBI Bank and / or 4 Finance and certain third parties to fulfill the commitments entered into under the contracts with you and for the other purposes described in this Policy. In particular, we may provide your personal data to companies and individuals who:

  • provide services on our behalf to identify and certify you;
  • support our business activities such as hosting and website development, development and maintenance of information systems
  • assist our activities through risk assessment and fraud detection, money laundering prevention and terrorist financing,
  • to which we can assign debt collection and customer service,
  • provide courier or other communication services;
  • to which we commission analysis on the use of our services and support our marketing activities (advertising agencies, public relations agencies, research companies, etc.);
  • other service providers that we need for the purpose of providing our services, improving their quality, and fulfilling our statutory obligations and our obligations to you and ensuring that you meet your obligations to us.

We may also provide your personal data to third parties in the following cases:

  • at any time when we are legally bound, we may disclose information about your use of our services and your visits to our websites in order to comply with the law when we believe in good faith that disclosure is necessary to protect our rights, to protect your safety or the safety of others, to prevent and investigate fraud or to respond to requests from public authorities;
  • for purposes of identifying, investigating and preventing fraud and helping with fraud protection, in order to reduce credit risk;
  • to identify, investigate and prevent money laundering and terrorist financing activities;
  • we can share your personal data with providers of similar services such as banks, consumer credit companies, credit bureaus and agencies, as well as relevant national authorities and non-governmental organizations and other third parties to ensure full assessment of your solvency;
  • when processing and collecting direct debits or other payments due by you under a loan agreement, we may also share your personal data with third party payment service providers;
  • in case of non-performance or poor performance on your commitments, we may transfer the data about your outstanding obligations to debt service providers, credit bureaus, and legal service providers.
  • We can share your personal data with analysts and search providers that help us improve and optimize our websites.
  • In the sale of any part of our business or the transfer of your obligations to us for the benefit of a third party, we may share your data;
  • For any other purposes listed in the section “WHY DO WE COLLECT YOUR DATA?”

We may disclose your personal data to other companies in the TBI Bank EAD Group and / or 4 Finance that may provide you with various services on our behalf, in any case we will notify you in advance and if necessary under the applicable regulatory framework, we will request your prior consent for such provision. When transferring your data, we undertake to ensure that the recipient complies with the same security, personal data storage and handling as we do. For this purpose, we will sign appropriate contracts with the data recipients, which will provide for all reasonable measures to protect your data. Your personal data may be processed, stored and transmitted to third parties in the manner and in the scope provided in this Privacy Policy, in the contract concluded between you and us and in the consent you give us periodically. The data we collect for you may also be used for processing (including storage) outside of our country or the European Economic Area. The information we transfer can be shared with our service providers. This may include processes such as processing payments, data analysis (including fraud checks, risks and credit checks), data collection for the use of our websites and services for advertising purposes (including behavior-based ads), or offering assistance in view of your service or product needs. In such cases, we take all reasonable steps to ensure the security of your personal data in accordance with this Privacy Policy and the applicable regulatory acts. For example, we use the agreement with standard clauses of the European Commission, the EU-US Personal Data Protection Program, and the authorizations of the relevant data protection authorities to ensure that your data is safe.


What rights do you have on your data?

You have the right to inquire about the personal data we process for you, the purpose and nature of the processing, and provide you with information about who we share it with (unless disclosure of such information is prohibited by law). You may request a copy of the information we process for you to check the information we have for you. The copy can be requested free of charge. You may request that we update, correct or delete your personal data at any time (to the extent permitted by applicable law and if this does not affect the services we provide to you). Please keep in mind that we can reject queries that pose a risk to the privacy of others whose data we store, or are unreasonable, repetitive, or would require disproportionate effort. However, we are subject to certain legal obligations that prevent us from promptly deleting your personal information. Such obligations arise from the laws on anti-money laundering measures, tax laws, consumer rights laws, In any case, where we can not fulfill your request regarding your personal information, we will notify you in a timely manner. You must inform us in the event that there is a change in the data you have provided us in the process of concluding the contract or in our future cooperation and if you are convinced that your personal data we are processing is inaccurate. You may opt out of (or unsubscribe from) receiving our newsletters, newsletters, SMS messages or other similar promotional information at any time in your profile on our website or by contacting us. In addition, at the bottom of any email with a commercial message, we will provide a link to opt out of receiving our promotions. Please note that our messages may include important or useful information about the products you use, discounts or other useful offers. We work hard to protect your personal data and secure its storage. However, if you feel that we have violated your rights, please contact us to resolve the issue. You also have the right to complain to the data protection authority. A list of EU data protection authorities and contact information can be found here.

Do we make automatic decisions about you?

In order to process your loan application very quickly, we can make automated creditworthiness and risk assessments to decide whether to provide you with a loan and determine its maximum amount. The automatic evaluation is based on the data and information you provide, which are analyzed by a specialized algorithm. In certain cases, along with the analysis of the algorithm, your application will be reviewed by our employees. In the case of a wholly automated decision, you have the right to object to the decision and ask for its review by human intervention.

What changes were made?

We reserve the right to change this Privacy Policy at any time by specifying the date on which the Privacy Policy was last updated. If significant changes have occurred, we will focus on them and try to warn you directly when possible. We will also keep previous versions of this Privacy Policy in an archive so that you can view them. Follow this link to access previous versions of the Privacy Policy.

How can you get in touch with us?

Please do not hesitate to contact us for any questions, requests, or comments you may have regarding our Privacy Policy or the way we process your personal information. We welcome any communication via the dpo@tbibank.bg email address. You can also contact us by mail at: Compliance department TBI Bank EAD 1421 Sofia Ул. 52-54 Dimitar Hadjikotsev Bulgaria You can also contact the Privacy Officer on a group level via the email address Group_Compliance@tbibank.bg. TBI Bank EAD, UIC 131134023, with headquarters and address in Sofia, 52-54 Dimitar Hadjikotsev is an administrator of personal data received when using our websites as well as our products and services. TBI Bank EAD is registered with the Bulgarian Commission for the Protection of Personal Data under No. 0008057 / 20.10.2006. Please visit http://www.tbibank.bg for more information about TBI Bank EAD and its companies.

Is there more that you must know?

Our websites and applications may contain links to third-party sites. These third-party sites have their own privacy policies. If you visit these sites, you are subject to their policies.

Applicable documents

Announcement by TBI Bank EAD regarding the regulation (eu) 2016/679 of the european parliament and of the council