Raiffeisen Bank and online lending platform fined in RO for incorrect use of personal data
The National Supervisory Authority for the Processing of Personal Data of Romania (ANSPDCP) fined Raiffeisen Bank and the local online credit platform Vreau Credit in the total amount of EUR 170,000, of which EUR 150,000 EUR payable by Raiffeisen, for a wide range of data privacy breaches.
Specifically, Raiffeisen Bank Romania performed rating assessments based on the personal data of people who registered on the Vreau Credit platform, provided via WhatsApp by platform employees, and then sent the result back to Vreau Credit using the same means of communication.
The personal data of some 1,100 people thus circulated between the two commercial entities.
Bank Raiffeisen has conducted surveys in the Credit Bureau database (to search for subjects’ payment incidents) and in the database of tax collection agencies, where a greater amount of information regarding subjects can be found. to be found.
In addition, Raiffeisen employees violated bank regulations by revealing the negative rating result to Vreau Credit.
Platform fined for disclosing personal data to Raiffeisen without clients ‘consent, Raiffeisen fined for performing rating assessments based on personal data and disclosing results without subjects’ consent and both were held responsible for using unprotected means of communication.