Dear customers and users of the My Car service, part of Bulbank Mobile application! Please note that it is necessary to be identified and your personal data to be processed in order to be provided with this service.

In this regard, you should read this Information Bulletin.

INFORMATION ABOUT PERSONAL DATA PROCESSED BY UNICREDIT BULBANK AD IN ACCORDANCE WITH REGULATION (EU) 2016/679 (GENERAL DATA PROTECTION REGULATION)

UniCredit Bulbank AD, with UIC: 831919536 with registered seat and management address in Sofia, Vazrazhdane District, 7, Sveta Nedelya Sq., holding a banking license issued by the Bulgarian National Bank by virtue of Order No. РД22-2249/16.11.2009, is a data controller.

To deliver the present service - to provide information on the availability of notifications regarding fines imposed by the Traffic Police, validity of: civil liability insurance, technical inspection, vignette and driving license, the Bank processes your personal data on a valid legal basis - conclusion of a contract by subscribing to the service and agreeing to the General Terms and Conditions for its Use.

When verifying third-party obligations/fines, the service user has to ensure that the relevant person is notified and that the verification is carried out on a valid legal basis - consent of the third party.

For the purposes described above, personal data subject to processing includes, without limitation: identification data (names, unique personal identifier or date of birth, identity document data, including driving license), contact data (such as email address, telephone number, user name, password), in accordance with the principle of data minimization and where strictly necessary.

In accordance with the requirements of Regulation (EU) 2016/679, UniCredit Bulbank AD has the right to disclose personal data, which it processes, to the following categories of recipients:

  • public authorities, institutions and establishments, auditors supervising the activities of the bank or the compliance with a law applicable to the bank or the data subjects. Those may be, for instance, the Bulgarian National Bank, the Financial Supervision Commission, the Commission for Personal Data Protection, the National Revenue Agency, the State Agency for National Security, the Ministry of Interior, courts of law, the prosecutor’s office, etc.
  • Third parties, individuals, legal entities, public authorities, institutions and establishments, upon fulfillment of the legal or contractual obligations of the controller in the performance of a service (e.g. courier companies or correspondent banks).
  • Subcontractors of the Bank, in their capacity as personal data processors. The personal data processors carry out the processing in accordance with the contract/other legal act concluded with the Bank and in accordance with the controller's instructions. The Bank only uses personal data processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to comply with Regulation 2016/679.
  • Subcontractors of the Bank, in their capacity as personal data processors. The personal data processors carry out the processing in accordance with the contract/other legal act concluded with the Bank and in accordance with the controller's instructions. The Bank only uses personal data processors that provide sufficient guarantees for the implementation of appropriate technical and organizational measures to comply with Regulation 2016/679.

According to the General Regulation for the protection of personal data, you have the right to request access, correction, deletion, limitation, portability, objection to automated decision-making for the processing of your personal data in connection with the provision of this service.

Usually, UniCredit Bulbank AD does not transfer personal data to third countries or international organizations. However, if this is necessary, the provisions of the General Data Protection Regulation will be complied with.

UniCredit Bulbank AD processes your personal data within the terms established by the legislation in force in the country and by the regulatory supervisory authorities. Personal data with regard to which there is no explicit legislative/supervisory obligation to be stored, is erased after the purpose for which it was collected and processed is achieved.

You can contact the Data Protection Officer on the following contact details:

E-mail address: DPO@UniCreditGroup.BG

Correspondence address: City of Sofia, Vazrazhdane District, 7, Sveta Nedelya Sq.

If you believe that your rights regarding the processing of your personal data have been violated, you can file a complaint with the Commission for Personal Data Protection.