Skip to main content

Information on the processing of personal data in the registry base system between credit and financial institutions

General information

In accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as the Regulation), we provide you with this information to inform you of the possible processing of your data in the Core System of the Registry (hereinafter: the “OSR” system).
The OSR system is a system of processing and exchanging customer data between credit and financial institutions as users of the OSR system (hereinafter: users) through HROK (Croatian Registry of Credit Obligations) for the purpose of creditworthiness assessment and/or credit risk management. 
Within the meaning of the Regulation, the users are both individual and joint controllers in the OSR system, and the company  Hrvatski registar obveza po kreditima d.o.o., Zagreb, Ulica Filipa Vukasovića 1 (hereinafter: HROK; or Croatian Registry of Loan Obligations), is, depending on the situation, their individual or joint data processor.
In accordance with Articles 13 and 14 of the Regulations, we hereby inform you, as our client and a debtor, co-debtor and/or guarantor, that we, as one of the users of the OSR system, process your personal data in the OSR system if you have, or have had, a monetary obligation towards us (such as a loan or overdraft or card debt, etc.). We process your data, including personal data, in the OSR system by exchanging information about your monetary obligations with other participants in the ORS system.  

Purposes and legal basis for processing

The purpose of processing and exchanging your personal data in the OSR system between credit and financial institutions as users of the OSR system is to assess your creditworthiness and/or manage our credit risk to you when you are our client or when you intend to be one. Exchange of your data in the OSR system:
 
a) between credit institutions (banks, savings banks and building societies) is based on the compliance with the legal obligation (in accordance with Article  6(1)(c) of the Regulation) contained in Article 321 of the Credit Institutions Act, which regulates the obligation to exchange customer data and  information between credit institutions for the purpose of creditworthiness assessment and/or credit risk management and
 
b) between credit and financial institutions and between two financial institutions, based on our legitimate interest, as well as the legitimate interest of all users (in accordance with Article 6(1)(f) of the Regulation) to assess the creditworthiness of clients (ability by the client to repay their obligations when due) in order to reduce and/or avoid the risk of non-performing loans and over-indebtedness of clients and to manage credit risks in relation to clients, which is one of the regulatory obligations of the users.

Which of your data are processed in the OSR system?

The following categories of your data are processed and exchanged in the OSR system:
- identification data, and
- data on the existing and settled or otherwise extinguished liabilities.

Identification data are:

  • OIB number, first name and surname
  • OIB number, name and registration ID number of the business entity (if you perform business activity)

Data on the existing, settled or otherwise extinguished liabilities (financial liabilities) include:

  • type of liability,
  • the total amount of the liability,
  • capacity in which you participate in the obligation (debtor, co-debtor and/or guarantor)
  • the amount and frequency of the annuity/instalment payment,
  • payment discipline in settling obligations,
  • the number of arrears,
  • the amount of arrears,
  • the number of days past due.

Data processing

Your data are processed by providing and storing data in the OSR system and exchanging such data between OSR system users at the request of an individual user in cases when this user performs creditworthiness  assessment and/or credit risk management. 
For this purpose, we, as well as other users of the OSR system, provide  updated personal information about our clients to the OSR system once a month.  
The exchange request may be made by us, as well as by other users, when we assess your creditworthiness and/or manage credit risk towards you. Based on the request, all data on your financial liabilities stored in the OSR system at the time of the request are exchanged and aggregated and an OSR report on the data contained in the OSR system is compiled.  
If there are no data  about your financial liabilities  in the OSR system, a notification is generated  instead of a report, stating that there is no such information on you in the OSR system.

The content of the report generated on the basis of the exchange of your financial liabilities data in the OSR system may have an impact on our business decisions concerning you, both the decisions for  which your creditworthiness is relevant, as well as the decisions  we make regarding the management of credit risk towards you.

Data on your financial liabilities which are up to 4 (four) years old are retained and exchanged in the OSR system. After your financial liability has been fully settled or otherwise extinguished, your data will be kept for a maximum of 4 (four) years from the date on which the financial liability is fully settled or otherwise extinguished.

The recipients of the data from the OSR system are only users of the OSR system, and only those who have made a request for data exchange and, based on such request, received a report with information about your financial liabilities or a notification that there is no information about your financial liabilities in the OSR system. Indirectly, HROK, being the processor in the OSR system, is also one of the recipients.

The current list of users of the OSR system is published on the HROK website

Your rights in RBA (in the case of processing your data in the OSR system)

More information

How to exercise these rights?

If you wish to exercise these rights as a private individual, please provide your OIB number, first name and surname name when you submit your request for exercising the rights. 
If you wish to exercise your rights exclusively as a business entity, please specify the type of the business activity, OIB number and business entity’s court registration ID number on your request.

You can exercise these rights by submitting a written request that will enable the unequivocal identification of you as a client, in person or by proxy in any RBA branch, and you can send the request by post to Raiffeisenbank  Austria  d.d., 10000 Zagreb, Magazinska 69 or by e-mail to the e-mail address: zastita-osobnih-podataka@rba.hr.


How to access data in the OSR system?

You exercise all rights in RBA, and you can also demand the right of access to personal data in writing at HROK d.o.o., Filipa Vukasovića 1, 10000 Zagreb, provided that the request contains your certified signature authenticated by a notary public in the Republic of Croatia or by the diplomatic or consular representation office of the Republic of Croatia.


Questions or comments regarding the processing of personal data in the OSR system

If you have any questions or comments regarding the processing of your personal data in the OSR system, you can contact our data protection officer by e-mail at the e-mail address: zastita-osobnih-podataka@rba.hr or in writing at: Raiffeisenbank  Austria  d.d., Službenik za zaštitu osobnih podataka (Personal Data Protection Officer), 10000 Zagreb, Magazinska 69.