The Association of Serbian Banks – the Credit Bureau fully adheres to all legal regulations, principles and best practices in the field of personal data protection. For the purpose of adequate informing, the Credit Bureau is making the Personal Data Protection Information publicly available on its website. The information includes the contact details of the controller, the contact information of the person in charge of processing personal data, the data collected and processed by the Credit Bureau, the grounds for processing, the rights of persons with respect to processing as well as ways of exercising those rights, and other issues of interest regarding lawful, fair and transparent informing.
Association of Serbian Banks b.a.
86 Kralja Aleksandra Blvd
11000 BelgradeTel. +381 11 30 20 760; and email: ubs@ubs-asb.com
Milan Brković
Tel. +381 11 30 20 565; and email: zastita.podataka@ubs-asb.com
In terms of the Law on Personal Data Protection, personal data controllers are banks, leasing companies, payment institutions, government funds, lending agencies and other members of the Credit Bureau. The list of data handlers is published and updated on the Credit Bureau website.
The data controller shall be responsible for the lawful, fair and transparent processing of a subject’s data, the accuracy and up-to-dateness of the data, as well as for the modification, deletion, updating and other activities, as well as the personal rights arising from such processing.
It is the responsibility of the data controller to implement appropriate technical, organisational and personnel measures to ensure that the processing of personal data is being carried out in a lawful, transparent and fair manner.
The personal data controller is required to keep records of processing activities.
The Association of Serbian Banks is a data processor which performs personal data processing on behalf and for the controller. The data processor guarantees the implementation of appropriate technical, organisational and personnel measures in such a way that the processing is carried out in a lawful, transparent manner and enables the rights of data subjects to be protected.
The data processor processes the data only with the written instructions of the controller and must ensure that the individual who processes the personal data is obliged to maintain the confidentiality of the data.
The data processor, taking into account the nature of the processing, assists the controller by implementing appropriate technical, organisational and personnel measures to fulfil the obligations of the controller in relation to the exercise of the data subject’s rights and to make available to the controller all the information necessary to increase the fulfilment of the processor’s obligations.
The data processor is required to keep records of all types of processing operations performed on behalf of the controller, which contain information on the name and contact information of each processor and each controller on whose behalf the processing is performed, as well as the types of processing performed on behalf of each of the controllers.
The information in the Credit Bureau’s system refers to the identification data and to the data on liabilities and regularity in settlement of liabilities towards banks, leasing companies and other members of the Credit Bureau.
The identification information that is collected and processed refers to: first name, one parent's name, surname; unique citizen identification number; day, month and year of birth; residence address, city, postal code.
Data on liabilities and regularity in settlement of liabilities refers to: data on loan liabilities, current accounts, payment cards, leasing contracts and guarantees of an individual, as well as regularity in settlement of liabilities. The Credit Bureau is making publicly available a list of information on liabilities and regularity in settlement of liabilities on its website.
The information in the Credit Bureau’s system is used only for the purpose of approval of service, i.e. the assessment of the creditworthiness and solvency of the clients, for monitoring the settlement regularity during the service life and cannot be used for other purposes.
The Credit Bureau’s system does not collect particularly sensitive information, data of minors, income and property status of persons, nor does it make data available to a third party for any purpose.
Data in the Credit Bureau’s system shall be retained for a period sufficient to fulfil the purpose of the processing and which shall be defined by internal acts of the Credit Bureau.
The processing of personal data in the Credit Bureau’s system is legal if at least the following conditions are met:
The processing of personal data in the Credit Bureau’s system will also be considered legal in other cases defined by the Law on Personal Data Protection.
The data controller and the processor of the personal data are obliged to provide the data subjects with the exercise of the following rights based on the abovementioned processing:
The controller is obliged to provide the data subject, at their request, with a copy of the data being processed.
The Association of Serbian Banks publishes and regularly updates the list of data controllers and types of data processed on its website.
In accordance with the level of technological achievements and the costs of their implementation, the nature, extent, circumstances and purpose of processing, as well as the likelihood of risks occurrence and the level of risk regarding the rights and freedoms of individuals, the controller and processor shall implement appropriate technical, organisational and personnel measures to achieve the appropriate security level against risks such as pseudonymisation and cryptographic protection of personal data, ability to ensure lasting confidentiality, integrity, availability and resilience of systems and processing services, enabling re-availability in case of incidents as soon as possible, regular testing procedures and evaluation of the measures taken, etc.
The controller and processor are required to take steps to ensure that any natural person authorised to access personal data by the controller or processor only processes this data at the controller’s request (authentication and authorisation).
Pursuant to the Law on Protection of Personal Data, persons may appeal for protection of rights to the Commissioner for Personal Data Protection:
Commissioner for Information of Public Importance and Personal Data Protection
15 Kralja Aleksandra Blvd
11000 Belgrade
Tel. +381 11 3408 900, email: оffice@poverenik.rs
The Credit Bureau reserves the right to change the Statement on Personal Data Protection that will be posted on this website. Please check for changes in order to be timely informed.