K&H mobilbank Privacy Policy
As data controller, K&H Bank Zrt. (registered seat: 1095 Budapest, Lechner Ödön fasor 9.; company registration number: 01-10-041043, hereinafter: “Bank”) provides the following information concerning the processing of personal data during the use of the K&H mobilbank application.
I. Accesses required by the application
Access | Why? | Description |
---|---|---|
Camera | Operation of the application | For using the application’s features such as cheque scanning, K&H e-bank login and signature, K&H e-bank activation, K&H+ ticket validation. |
Contacts | Operation of the application | For using the application’s features such as setting a phone number as secondary identifier, creating a partner, selecting a phone number during a mobile top-up transaction. |
Microphone | Operation of the application | For in-app communication and voice interaction with the application (e.g., K&H quickcall and Kate). |
Telephone | Operation of the application | For in-app communication and voice interaction with the application. |
Internal memory | Operation of the application | For using the application’s features such as adding attachments to messages sent using the app, saving a contract to the device, storing mobile token and other data needed for the application to function. |
Location | Operation of the application, fraud prevention | For using certain features of the app, such as the ATM and branch locator, as well as fraud prevention and fraud detection. |
Others | Operation of the application | For using such features as the NFC for payment transactions, and using the biometric identifier and the fingerprint reader hardware on the device for authentication and authorisation purposes. |
II. Purpose of data processing
II.1. Providing e-channel services
The Bank enters into a contract with its clients to provide the K&H mobilbank service.
Legal basis | Article 6 (1) (b) of the GDPR (performance of the contract) |
---|---|
Data processing period | Data are processed until the termination of the contract. |
Related storage period | 8 years after the termination of the business relationship (contract) (based on Article 6 (1) (c) of the GDPR, according to Articles 56 to 58 of the Anti-Money Laundering Act). |
Personal data categories | Basic data (basic identification data, contact details); contractual data relating to the use of the product or service; product and service usage data; customer communication data; data considered sensitive beyond those specified in the GDPR (geolocation, photo). |
* Act CCXXXVII of 2013 on Credit Institutions and Financial Enterprises (“Banking Act”)
II.2. Fraud prevention and fraud detection
For the purpose of improving its capacity to detect and prevent fraud, the Bank processes data in order to mitigate the risks inherent in providing services electronically.
Legal basis | Article 6 (1) (f) of the GDPR (legitimate interest) |
---|---|
Compelling legitimate interest | Pursuant to Article 107(1) of the Banking Act, the Bank uses effective processes to identify, measure, manage, monitor and report risks. |
Data processing period | Until the termination of the contract. |
Related storage period | 5 years after recording the data (based on Article 6 (1) (f) of the GDPR, according to Article 6:22 of the Civil Code) |
Personal data categories | Basic data (basic identification data); contractual data relating to the use of the product or service; product and service usage data; customer communication data; data considered sensitive beyond those specified in the GDPR (geolocation, IP address, details regarding interactions) |
Please note that the K&H mobilbank does not track your location continuously: location data are only saved upon key security events, such as activating the mobilbank application, logging into the application and signing transactions.
II.3. Logging by the mobilbank application for troubleshooting and debugging purposes
The Bank records various data through the application, to the extent necessary to resolve any errors that may occur during the use of the K&H mobilbank application and thus, to ensure the reliability of the service.
Such data includes information related to the device (ID, IP address, geolocation, operating system, screen resolution, browser type, hacked operating system signal), user activity data during the use of the application, errors and application crash data.
Legal basis | Article 6 (1) (f) of the GDPR (legitimate interest) |
---|---|
Compelling legitimate interest | Yes, there is – logging is essential for the provision of the service. |
Data processing period | 180 days after recording the data. |
Related storage period | 5 years after recording the data (based on Article 6 (1) (f) of the GDPR, according to Article 3 (3) (f) of Government Decree no. 42/2015 (III. 12.)) |
Personal data categories | Basic data (basic identification data, contact details); product and service usage data; customer communication data. |
III. Transfer of personal data
Personal data are transferred to companies carrying out outsourced activities as listed below:
III.1. Bloomreach B.V. (former company name: Exponea s.r.o., Fred. Roeskestraat 109, 1076 EE Amsterdam, Netherlands)
It provides the Bank with software licensing, support and operating services related to the Bloomreach automation communication system. It takes part in sending and storing messages forwarded via the K&H mobilbank application, as well as in processing customer, message, interaction and device data required for sending messages.
III.2 KBC Global Services NV (Havenlaan 2, 1080 Molenbeek-Saint-Jean)
KBC Global Services provides support through IT services for the development and operation of a new digital assistant solution integrated into the K&H mobile banking application. For this solution, the Service Provider provides infrastructure platform services through Amazon Web Services, and also provides the usage of Google STT/TTS.
Data is transferred to third countries based on an adequacy decision (Article 45 of the GDPR).
IV. Data subjects’ rights and remedies in relation to data processing
You have the right to access, request the rectification, erasure and the restriction of the processing of your personal data, and - in certain cases - object to the processing of the same.
For further information on data processing, including information on rights and remedies and the contact details of the Bank and its data protection officer, please consult our Privacy Notice at www.kh.hu/web/eng/data-protection.