Credins Bank Sh.a (“Credins Bank”, “the Bank”, “we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how Credins Bank collects, processes, stores, and protects personal data when individuals visit our website, use our banking products and services, interact with us through digital channels or customer support, or submit applications and requests through our online platforms. The Bank processes personal data in accordance with applicable legislation on personal data protection, including relevant national laws and regulations and, where applicable, the General Data Protection Regulation (GDPR).

The controller responsible for processing personal data is Credins Bank Sh.a, with its Head Office located at Rruga Vaso Pasha Nr. 8, Tirana, Albania. The Bank determines the purposes and means of processing personal data collected through its services and digital platforms. Any questions or requests regarding the processing of personal data may be directed to the Bank through the contact information available on the official website.

Depending on the nature of the relationship with the Bank, Credins Bank may collect and process several categories of personal data. This may include identification data such as the individual’s full name, personal identification number, date and place of birth, nationality, and identity document details. The Bank may also process contact information including residential address, email address, and telephone number.

In addition, the Bank may collect financial information necessary for the provision of banking services, such as bank account details, transaction data, payment information, and information related to loans, cards, or other financial products. When individuals visit the Bank’s website or use digital banking services, technical data may also be collected, including IP address, browser type, device information, cookies, and usage data related to interactions with the website or digital platforms.

Furthermore, the Bank may process communication data that individuals provide when contacting customer support, submitting online forms, or sending feedback, complaints, or service requests.

Credins Bank processes personal data for the purpose of providing banking products and services and managing relationships with customers and website users. Personal data may be used to process applications for bank accounts, loans, payment cards, or other financial services, as well as to execute financial transactions and maintain customer accounts.

The Bank also processes personal data in order to perform identity verification procedures required by financial regulations, including Know Your Customer (KYC) requirements and anti-money laundering obligations. Personal data may also be processed to prevent fraud, ensure the security of banking systems, and comply with legal and regulatory requirements.

Additionally, personal data may be used to improve the functionality and security of the Bank’s website and digital services, to respond to customer inquiries, and to enhance the overall quality of services offered by the Bank.

The processing of personal data by Credins Bank is carried out on the basis of several legal grounds. In many cases, personal data is processed because it is necessary for the performance of a contract between the Bank and the customer or for taking steps prior to entering into such a contract. Personal data may also be processed when required to comply with legal obligations imposed on the Bank by financial legislation and regulatory authorities.

In certain situations, the Bank may process personal data based on its legitimate interests, such as ensuring the security of its services, preventing fraud, or improving its products and digital platforms. Where required by applicable law, personal data may also be processed based on the individual’s consent.

Credins Bank may share personal data with third parties when this is necessary for the provision of banking services or when required by law. Such disclosures may occur to regulatory authorities, government institutions, payment networks, financial institutions, or credit bureaus where applicable. Personal data may also be shared with technology service providers who support the Bank’s IT infrastructure, as well as with external auditors, legal advisors, or other professional service providers acting on behalf of the Bank.

In all cases, the Bank ensures that personal data is disclosed only to authorized parties and only to the extent necessary to fulfill the relevant purpose or comply with applicable legal requirements.

Credins Bank implements appropriate technical and organizational measures to protect personal data against unauthorized access, loss, destruction, alteration, or unauthorized disclosure. These measures include secure IT systems, restricted access to sensitive information, internal data protection procedures, and monitoring mechanisms designed to safeguard the confidentiality and integrity of personal data. The Bank continuously reviews and improves its security practices to ensure that personal data remains protected.

Personal data is retained only for the period necessary to fulfill the purposes for which it was collected. This includes periods required for the provision of banking services, compliance with legal and regulatory obligations, and the protection of the Bank’s legitimate interests. Once the retention period expires, the Bank ensures that the data is securely deleted, anonymized, or otherwise disposed of in accordance with applicable legal requirements.

Individuals whose personal data is processed by Credins Bank have certain rights under applicable data protection legislation. These rights may include the right to request access to personal data, the right to request correction of inaccurate or incomplete information, and the right to request deletion of personal data where permitted by law. Individuals may also have the right to restrict or object to certain processing activities and, where applicable, to request the transfer of their personal data to another service provider.

Where personal data processing is based on consent, individuals have the right to withdraw that consent at any time without affecting the lawfulness of processing carried out before the withdrawal. Requests related to these rights may be submitted through the Bank’s official communication channels.

The Credins Bank website may use cookies and similar technologies in order to ensure proper website functionality, analyze website traffic, and improve the overall user experience. Cookies are small text files that are stored on a user’s device when visiting a website. Users may manage or disable cookies through their browser settings; however, doing so may affect certain functionalities of the website.

The Bank’s website may contain links to websites operated by third parties. These websites operate independently from Credins Bank and may have their own privacy policies and data processing practices. The Bank does not control and is not responsible for the privacy practices of such third-party websites. Users are encouraged to review the privacy policies of any external websites they visit.

Credins Bank may update this Privacy Policy from time to time in order to reflect changes in legal requirements, regulatory obligations, banking services, or technological developments. Any updates will be published on the Bank’s official website, and the most recent version will always be available online.

For any questions regarding this Privacy Policy or the processing of personal data, individuals may contact Credins Bank Sh.a at its Head Office located at Rruga Vaso Pasha Nr. 8, Tirana, Albania, or through the contact information provided on the official website.