Processing of Personal Data
The Company – TELECREDIT IFN S.A.
Address: Bucharest, District 1, 55 Dr. Iacob Felix Street, 4th Floor
Trade Register No.: J2014007586401
Fiscal Code (CUI): RO33317138
Contact number: +40 731 005 336
Data Protection Officer (DPO): Mariana Nițulescu
Address: Bucharest, District 1, 55 Dr. Iacob Felix Street, 4th Floor
Contact number: +40 723 528 967
E-mail: dpo@telecredit.ro
In accordance with the European Union General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”), applicable since 25 May 2018, Telecredit IFN S.A. informs you as follows:
1. Categories of Data Subjects and Data Collected
Through the OMNICREDIT online platform, Telecredit IFN S.A. processes personal data belonging to the following categories of individuals and legal entities:
· customers / potential customers / former customers,
· beneficiaries / potential beneficiaries of credit agreements,
· persons designated by a client to act on their behalf in relation with Telecredit, and
· clients’ debtors.
Telecredit processes only the data necessary for the purposes described below. The categories of processed data may include:
· Identification details: name, surname, pseudonym, customer code, personal identification number (CNP/NIF), business name and fiscal identification code (CIF for sole traders);
· Nationality and residence data: including fiscal residency;
· Identity document details: ID card, passport, civil status document, or driving licence;
· Contact details: address (residence, correspondence), phone number, fax, email;
· Personal details: gender, marital status, family members, mother’s maiden name;
· Employment and education details: studies, occupation, job title, workplace, type and duration of employment, date of last employment, professional experience;
· Financial information: income and its sources, housing situation, owned property (movable and immovable), financial behaviour and liquidity, monthly expenses, existing credit or debt obligations, repayment history, pending litigations, insurance policies held, taxes and fees paid, number of dependants;
· Information related to possible fraudulent or criminal activity, such as accusations or convictions regarding fraud, money laundering, or terrorism financing;
· Corporate relations: group membership, shareholdings, participation in other companies;
· Banking data: bank account numbers, details on banking products and services used, and transaction history;
· Conflict of interest data, if applicable;
· Political exposure data, if relevant (PEP status and public office held);
· Sanction data, if applicable;
· Handwritten or electronic signature;
· Any other personal data you may provide to Telecredit in various contexts.
2. How Telecredit Collects Personal Data
Telecredit may receive your personal data:
· Directly from you, or via a legal/conventional representative, by filling in forms or providing documents necessary for establishing or updating a contractual relationship, purchasing products or services, submitting applications, or making requests — through any communication channel;
· From publicly available sources, including government and regulatory bodies such as the Trade Register (portal.onrc.ro), Ministry of Finance (mfinante.ro), National Agency for Fiscal Administration (anaf.ro), Ministry of Justice (portal.just.ro), Electronic Archive of Security Interests (aegrm.ro / romarhiva.ro), the National Bank of Romania (Credit Risk Register, Payment Incident Register), the Official Gazette, and public data portals (data.gov.ro);
· From publicly available online sources, such as the internet and social networks;
· From Telecredit’s internal databases;
· From contractual partners of the data subject (for example, partners making salary payments or requesting payments from your accounts).
3. Purposes of Processing
Personal data collected through the OMNICREDIT platform are processed for the purpose of providing credit and factoring/discounting services, and for carrying out all related contractual steps, such as:
· customer identification and due diligence (“Know Your Customer” – KYC);
· creditworthiness and risk assessment;
· preparing and presenting offers;
· signing credit or factoring agreements;
· disbursing and managing the loan or factoring services;
· collecting or transferring receivables and enforcing debts;
· managing user accounts on the online platform;
· performing marketing and communication activities;
· meeting legal and regulatory obligations, including audit, fraud prevention, and anti-money laundering (AML) requirements.
Telecredit may also process limited special categories of data (such as health-related data) only to identify possible alternative repayment solutions for customers in difficulty.
When applying via the OMNICREDIT platform for an assignment of receivables, Telecredit may also collect data from publicly available sources, such as RECOM, AEGRM, Ministry of Finance, ANAF, Judicial Portal, LinkedIn, and the organisation’s website.
4. Legal Basis for Processing
Telecredit IFN S.A. processes your personal data under the following legal grounds, in accordance with Article 6 of the GDPR:
a. For the conclusion and performance of a contract (Art. 6(1)(b) GDPR)
Your personal data are processed when necessary to evaluate your application, provide products or services, or fulfil our contractual obligations.
This includes:
· assessing service and product requests and determining eligibility;
· providing information about requested or existing products and services;
· monitoring contractual compliance and notifying you about contract-related matters (e.g., payment due dates, changes to contract terms, rates, or features);
· taking measures in case of non-performance (e.g., debt collection, recovery actions, or declaring early maturity);
· modifying existing agreements (e.g., restructuring, refinancing, extending repayment periods, granting payment deferrals, or entering into payment arrangements);
· reporting required information to guarantee funds such as FNGCIMM or FGDB.
b. For compliance with legal obligations (Art. 6(1)(c) GDPR)
Telecredit processes personal data as required by applicable Romanian and EU laws governing financial institutions, including:
· customer identification and due diligence (KYC);
· risk analysis and reporting of suspicious transactions;
· fraud prevention and anti-money laundering / counter-terrorist financing (AML/CTF) obligations;
· recordkeeping and reporting to regulatory authorities such as ANAF, ANPC, BNR, CRC, ANSPDCP, ASF/BVB, and the National Office for the Prevention and Control of Money Laundering;
· judicial enforcement (e.g., debt recovery, garnishments, seizures);
· execution of court decisions;
· mandatory audits, financial statement verification, and guarantee revaluations;
· tax compliance, including withholding and reporting of taxes;
· ensuring physical and data security (e.g., CCTV monitoring where legally required);
· archiving and data retention in accordance with accounting and archival regulations.
c. For legitimate interests pursued by Telecredit (Art. 6(1)(f) GDPR)
Telecredit may process your data to serve its legitimate business interests, while ensuring your rights and freedoms are not affected. These activities include:
· conducting internal analyses, statistics, and market studies;
· monitoring customer satisfaction and improving services;
· developing, testing, and securing IT systems;
· fraud detection and prevention;
· risk management and internal reporting;
· ensuring high levels of information security (both physical and digital);
· managing and collecting debts, enforcing claims, and defending Telecredit’s legal rights in court;
· maintaining evidence of communications and consent through official channels;
· video surveillance for the protection of people and property;
· storing and archiving data in secure systems.
d. Based on your consent (Art. 6(1)(a) GDPR)
In certain cases, Telecredit will process your data only with your explicit consent, such as for:
· verifying and querying databases (e.g., Credit Risk Register, ANAF) during credit risk analysis;
· marketing and profiling for promotional purposes;
· recording customer service calls to improve service quality;
· granting special benefits or legal advantages upon your request;
· analysing behaviour on the OMNICREDIT website using cookies (both Telecredit’s and third-party cookies).
If you do not consent to these optional processing activities, they will not be performed, and this will not affect the other services provided to you.
5. Recipients of Personal Data
To perform its duties and meet legal obligations, Telecredit IFN S.A. may share your personal data with:
· Public authorities and regulators: National Bank of Romania (BNR), National Office for the Prevention and Control of Money Laundering, tax authorities, statutory auditors, and other competent public bodies;
· Service providers and business partners, including:
o law firms, notaries, enforcement officers, and debt recovery agencies;
o IT, software, hosting, and communication providers;
o accounting and audit firms;
o marketing and courier service providers;
o archiving service providers;
o banking institutions and payment processors;
o research and survey agencies.
Telecredit ensures that all data processors act under strict contractual confidentiality and GDPR-compliant agreements, limiting data use solely to the agreed purposes.
Examples of such processors include:
· Accounting firm (Bucharest)
· Server hosting company (Bucharest)
· Accounting software provider (Cluj)
· Debt collection company (Bucharest)
· Judicial enforcement offices (Romania)
· Payment processors and banks (Bucharest)
· Communication service providers (Bucharest)
These disclosures occur only when necessary and never simultaneously to all processors.
6. Duration of Data Processing
Telecredit retains personal data only for as long as necessary to fulfil the purposes for which they were collected and to comply with legal obligations. Retention periods are determined based on:
· the duration of contractual obligations and applicable BNR regulations;
· statutory accounting and archiving laws;
· financial audit and tax compliance requirements;
· or, where processing is based on consent, for as long as consent remains valid.
Specific retention rules include:
· at least 5 years for customer identification and AML/CTF compliance after the business relationship ends;
· 7 years for data reported to the Credit Risk Register (CRC);
· 5 years after contract termination for data used in direct marketing, unless consent is withdrawn earlier;
· after expiry of legal retention periods, data may be anonymised and retained solely for statistical purposes.
Failure to provide required personal data may prevent Telecredit from entering into or performing a credit agreement or from providing related services.
7. Processing of Personal Data for Direct Marketing
If you have given your consent, Telecredit IFN S.A. and/or its partners may process your personal data for direct marketing purposes, including the creation of customer profiles.
The data used for these purposes may include: your name, date of birth, address, email address, phone number, and — where relevant — information such as gender, marital status, occupation, field of employment, income level, employer, demographic data, IP address, and online behaviour (for example, pages visited or device used).
Telecredit processes this data to:
· send commercial offers, newsletters, or invitations to promotional campaigns;
· personalise offers or communication;
· manage loyalty or reward programs linked to your client account;
· tailor communications based on your preferences, previous choices, or product history.
If you do not consent, your data will not be processed for marketing purposes.
Profiling means any automated processing of personal data used to evaluate certain personal aspects, particularly to analyse or predict preferences, financial situation, behaviour, or interests.
Selection and analysis of customer data are not separate processing operations — they are part of how direct marketing is carried out.
8. Recipients of Personal Data
Depending on your relationship with Telecredit, your personal data may be disclosed to:
· You, or your legal or authorised representatives;
· Telecredit’s contractual partners, such as:
o debt recovery and collection agencies, field agents, couriers, notaries, lawyers, consultants, accountants, authorised appraisers, auditors, IT and archiving service providers (physical and electronic), and other service providers bound by confidentiality obligations;
· Marketing and market research providers;
· Entities involved in financing or assignment of receivables;
· Joint controllers, such as:
o National Credit Guarantee Fund for Small and Medium Enterprises (FNGCIMM);
o Rural Credit Guarantee Fund;
o Credit Risk Register and Payment Incident Register (under the National Bank of Romania);
o Central Depository;
o other joint controllers as defined by applicable legislation;
· Public authorities and supervisory bodies, including:
o National Bank of Romania (BNR),
o National Agency for Fiscal Administration (ANAF),
o National Office for the Prevention and Control of Money Laundering,
o Competition Council,
o Financial Supervisory Authority (ASF),
o Deposit Guarantee Fund in the Banking System (FGDB),
o and judicial or investigative authorities.
All data transmitted to third parties are adequate, relevant, and limited to what is strictly necessary for the processing purpose.
9. Necessity of Providing Personal Data
Providing your personal data is necessary for Telecredit to meet its contractual and legal obligations. Failure to provide required data may delay or prevent access to certain products or services, or make it impossible for Telecredit to offer or perform the requested services.
If you object to processing based on legitimate interest, your request will be reviewed individually, and Telecredit will respond in accordance with the GDPR.
Where processing relies on your consent, refusal or withdrawal of consent means that the related activity (for example, marketing) will not take place.
10. Rights of Data Subjects
Under the General Data Protection Regulation (GDPR) No. 679/2016, you have the following rights regarding your personal data:
Right to Information
You have the right to be informed about how your data are collected and used.
Right of Access
You can request access to your personal data and information about how they are processed.
Right to Rectification
You can ask us to correct or update inaccurate or incomplete data.
Right to Erasure (“Right to be Forgotten”)
You may request the deletion of your personal data when processing is no longer necessary or lawful.
Right to Data Portability
You may request your personal data in a structured, commonly used, and machine-readable format, and transfer it to another controller, where technically feasible.
Right to Object
You can object to:
· processing based on legitimate interests or public interest,
· direct marketing (including profiling), or
· processing for research or statistical purposes.
Right to Restriction of Processing
You may request the restriction of processing while data accuracy or lawfulness is being verified.
Rights related to Automated Decision-Making, including Profiling
You have the right not to be subject to a decision based solely on automated processing, including profiling, that produces legal or similarly significant effects for you.
Right to Withdraw Consent
If processing is based on consent, you can withdraw it at any time. Withdrawal does not affect the legality of processing carried out before withdrawal.
Right to Lodge a Complaint
You may file a complaint with the National Supervisory Authority for Personal Data Processing (ANSPDCP) if you believe your rights have been infringed.
11. Exercising Your Rights
To exercise any of the rights listed above or to withdraw your consent, you may contact Telecredit IFN S.A. by:
· Email: dpo@telecredit.ro — addressed to the Data Protection Officer (DPO)
· Postal address: Telecredit IFN S.A., 55 Dr. Iacob Felix Street, District 1, Bucharest, Romania
Telecredit will respond to your request without undue delay, and in any case within one month, as required by the GDPR.
If any of your data are inaccurate or outdated, please notify Telecredit as soon as possible.
12. Data Protection and Security Measures
Telecredit IFN S.A. attaches great importance to protecting your personal data and fully complies with applicable data protection laws.
The company has:
· appointed a Data Protection Officer (DPO);
· adopted an internal data protection framework covering data management, security incidents, and data subject requests;
· implemented technical and organisational measures ensuring confidentiality, integrity, and availability of data;
· provides regular employee training and testing on data protection awareness;
· ensures that partners receiving personal data comply with equivalent GDPR standards, depending on whether they act as processors or joint controllers.
