Pursuant to the General Data Protection Regulation, processing means " any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction”.
Banco L. J. Carregosa promotes the lawful and transparent processing of your data, using validated forms of legitimation and using them only for the purpose described below.
Processing for contract performance purposes
Some personal data are processed by Banco L. J. Carregosa as they are proved to be necessary for the performance of a contract or for carrying out pre-contractual proceedings:
- Opening of accounts and recording and preservation of information necessary for the provision of banking and financial intermediation services.
- Provision of information as part of the marketing of products and services provided by the Bank, and investigation as to whether that are suitable to the client’s profile.
- Management of the business relation through the recording of banking operations, in particular: transfers, transfer of titles, cheque and cash deposits, execution of orders in financial instruments, etc.
- Examination and response to complaints, requests for clarification, and suggestions.
- Adherence to and management of services linked to electronic channels, such as homebanking and e-trading platforms.
- Management of credit operations, in particular as regards the simulation and granting thereof, and also the provision of associated guarantees.
Processing based on a legal obligation
Banco L. J. Carregosa’s activity is subject to a set of legal requirements under which the bank has to collect and process a set of data, namely:
- Legislation on the prevention of money laundering and terrorist financing;
- The body of legislation on financial intermediation, headed by the Second Markets in Financial Instruments Directive (MiFID II);
- Legislation applicable to the exercise of the banking activity, especially the Legal Framework of Credit Institutions and Financial Companies; and
- Regulatory legislation issued by Banco de Portugal and the Portuguese Securities Market Commission;
- Determining risk profiles and investigation of knowledge, experience and investment objectives for the acquisition of certain financial instruments.
- Using screening and filtering tools to prevent crimes related to money laundering and terrorist financing.
- Responding to requests from supervisory bodies – Banco de Portugal and the Portuguese Securities market Commission – and from other public authorities.
- Compliance with tax and accounting obligations.
- Recording of images through videosurveillance cameras, in compliance with Decree-law No. 34/2013.
- Recording of communications carried out when placing orders in financial instruments.
- Establishment of a documentary archive.
Processing based on the legitimate interest of the Bank
Data processing carried out based on the legitimate interest of Banco L. J. Carregosa aims, above all, to continuously improve the business relationship and client experience, unless the interests or fundamental rights and freedoms of the data subject prevail and require the protection of personal data, in particular if the data subject is a minor.
- Providing information to clients on financial markets, technical analyses, etc...
- Sending marketing communications via SMS and e-mail on promotional campaigns or aimed at boosting the purchase of the products and services offered by the Bank.
- Using the historical data of interactions with clients and the financial information collected to define profiles and categories to increase the quality of communications and services provided.
- Checking the levels of satisfaction and the quality of services provided.
- Managing defaults (litigation) or the exercise/defence of a right, regardless of whether it is a legal proceeding or an administrative or out-of-court proceeding.
- Accessing credit information systems in determining credit risk.
- Keeping and managing information systems to protect their integrity, namely through access control and monitoring.
Processing based on the consent of the data subject
The data subject may enable Banco L. J. Carregosa to process certain data by giving their free, express, informed, specific and explicit consent (orally or by other verifiable means):
Collection of biometric data for the purpose of authenticating access to homebanking and validating operations.
Adapting the browsing experience on the Bank’s website, according to:
- The counting the number of hits (visits to the site), visitor origin, site viewing time and the pages consulted within the website;
- The optimisation of contents, based on the browsing history; and
- The optimisation of browsing based on the operative systems and browsers used.
Call recording with a view to monitoring the quality of services.
Other legal grounds for processing personal data set out in the General Data Protection Regulation are as follows:
- When the processing of data is necessary to protect a vital interest of the data subject or of any other person; and
- When the processing is carried out in the public interest and is done by a compliance officer vested with public authority.