FACEBOOK YOUTUBE LINKEDIN INSTAGRAM
Language Shqip
Language Shqip

Privacy Policy

Homepage / Privacy policy

List of Data Processors

Tirana Bank Data Privacy Notice

Responsible for data processing: Tirana Bank (hereinafter referred to as “Bank”) “Ibrahim Rugova” Street, Po, Box 2400/1 1000, Tirana T: +355 0 4 2277700 E-Mail: info@tiranabank.al Contact data of the Data Protection Officer of the Bank: T: +355 0 4 2277700 E-Mail: dpo@tiranabank.al 

“Tirana Bank” S.A. is a commercial company, registered in the Commercial Register with Nuis J61924008V, in its capacity as the Controller of Personal Data, hereinafter referred to as the “Bank”, in the context of the Law No. 9987 date 10.03.2008 “on Data Protection”, as amended, and the General Data Protection Regulation (EU) 2016/679, hereinafter referred to as the “GDPR”, as currently applicable, shall hereby provide the following notice on the processing of your personal data and your rights as the data subject. The content and scope of your personal data processing is closely linked to the products and services you have requested or agreed with.

This notice is addressed to individuals who perform any transaction with the Bank, including but not limited to Customers who have maintained a permanent relationship with the Bank or walk-in Customers, their respective legal representatives, as well as their special or universal successors, to representatives of legal persons and to any natural person who has business relations with the Bank in any capacity.

Personal data processing is the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, transmission, restriction or erasure of personal data which was or will be brought to the attention of the Bank, either as part of your business relations with it or as part of any update which is received by the Bank from any third party, a natural or legal person or public sector body, while exercising a legal right of their own or the Bank.

In compliance with the current legislative framework, the Bank has taken all steps required, by implementing all appropriate technical and organizational measures for the lawful adherence, processing and safe retention of personal data files and is committed to ensure and protect in every way the processing of your personal data against any loss or leakage, alteration, transfer or any other unlawful processing.

A. Which personal data we process and where we collect them from?

  • The Bank processes your personal data, which you or your legal representatives have submitted or will submit to the Bank, which are necessary for the commencement, continuation and execution of your business relations with the Bank, either existing or future ones, depending on the product or service provided and the current applicable procedures and policies of the Bank. The personal data you provide the Bank with / submit to the Bank must be complete and accurate and shall be diligently and immediately updated by you, in case they were altered or whenever deemed necessary by the Bank in order to preserve your business relations or to fulfill any of its obligations pursuant to the law and the respective applicable regulatory provisions.
  • The Bank shall also process your personal data which were received or brought to its attention by any third party, a natural or legal person or public sector body, and which are necessary either to achieve the Bank’s or any third party’s legitimate interests, or to perform the Bank’s tasks which are carried out in the public interest (e.g., Credit Registry, interbanking system, tax and insurance bodies).
  • The Bank may also process your data which it has collected from other third parties, such as publicly accessible sources (e.g., Commercial Register, Internet), provided that said data are necessary for the purposes of the processing.
  • In order to initiate and continue its business relationship with its Customers and to open a deposit account for any individual, the Bank shall collect and process at least the following personal data: Full name, father’s name, personal number, details of identity card / passport, permanent residence, home address, correspondence address, business details and business address, financial data (e.g. income tax assessment), tax residence, tax identification number, telephone number (fix and / or mobile) and specimen of signature (physical or electronic). Where appropriate, you may be requested to submit additional details (e.g. student identity card, permit of stay), provided that these data are considered as prerequisite for the commencement or continuation of a specific business relationship.
  • If you are not a client of the bank (do not have a customer code / number), for the execution of any banking transaction (e.g. payment transaction at the cashier desk), the Bank shall collect and process the following data: Full name, father’s name, personal number, ID data, address and telephone number, while for transactions in cash and depending on the amount of the transaction, you may be requested to provide additional data included in any other official document, tax identification number, business details, contracts, etc.
  • Depending on the product / service provided by the Bank or as part of the evaluation of your financial capacity with the purpose of settling / restructuring your debts, the Bank may collect and process additional data, including but not limited to the following: financial details (e.g., tax returns, income tax assessments, sole proprietorship financial details) or other income sources, property asset valuation, data of the financed or mortgaged property, insurance policies (e.g., coverage against Fire / Earthquakes) as well as additional information – as part of implementing the current rules on financial instruments markets.
  • The collection and processing of your aforementioned personal data by the Bank is necessary for the establishment, maintenance and continuation of any business relationship between us. If you object to the provision or processing of your personal data, it may be impossible to establish or continue your cooperation with the Bank refusal to process and use your mobile number makes it impossible to provide the SMS alert service).

B. Processing of special categories of personal data.

The Bank shall not process any personal data of yours which are related to your racial or ethnic origin, political opinions, religion or philosophical beliefs, trade union membership, genetic or biometric data, which confirm your identification as the data subject, and data concerning health or data concerning your sex life or sexual orientation, unless:

a. you have given your explicit consent for a specific purpose (e.g. processing of your data through your photo (selfie), which undergoes special technical processing, biometric analysis and is compared with the photo of your ID card, for the purpose of your unmistakable identification or verification of your identity, in the context of the process of remote electronic identification for the beginning of your remote relationship with the Bank);

b. these data have been provided to the Bank by you or any third party, either natural or legal person, as part of the documentation and safeguard of your and/or the Bank’s legitimate interests, in its capacity as the controller (e.g., information on subjects who have been placed into guardianship);

c. processing is necessary to protect your, any other individual’s, vital interests (e.g., opening and keeping of fundraising accounts);

d. the data have been manifestly made public by you;

e. processing is necessary for the establishment, exercise or defense of both your legal claims and the Bank’s, in its capacity as the controller (e.g., incapacity to perform legal acts);

f. processing is necessary for reasons of substantial public interest (investigation of any suspicious activity under the laws on the prevention and control of money laundering and terrorist financing).

In any case, the Bank has taken all necessary technical and organizational measures to securely keep and process your personal data belonging to the special categories above.

C. Children - related data

The personal data of minors shall be processed subject to the prior consent of their parents or the persons who have undertaken their parental responsibility, unless otherwise specified by law. For the purposes hereof, minors are persons who have not attained the age of 18 years.

D. Lawfulness of processing

The Bank shall legally process personal data, provided that processing:

  • Is necessary for servicing, supporting and monitoring your business transactions with the Bank and the proper execution of any agreements between you and the Bank.
  • Is necessary in order for the Bank to comply with any legal obligations or for the purposes of the legitimate interests pursued by the Bank, which arise from your business transactions with the Bank, or other legal rights of the Bank.
  • Is necessary for the performance of a task carried out in the public interest, in the context of the current legislative and regulatory framework.
  • Is based on your prior explicit consent, if processing is not based on any of the aforementioned legal processing bases.

E. Withdrawal of consent

You have the right to withdraw your consent, whenever required, at any time without said withdrawal affecting the lawfulness of processing based on consent before its withdrawal. The withdrawal of your consent may be submitted at any branch of the Bank.

F. Purposes of processing

The processing of your personal data is related to:

  • Servicing, supporting and monitoring your business transactions with the Bank, the proper execution of any agreements between you and the Bank and any bank transactions, the examination of any requests for the provision of the Bank’s products/services, the performance of the Bank’s obligations, in its capacity as the controller or the processor, and the exercise of its legal and contractual rights.
  • The conduct of any audits, as provided for by the current legislative and regulatory framework, the protection of commercial credit and financial transactions, transmission of your data related to your financial behavior, the assessment of your solvency and search for financial behavior data (e.g., from the interbanking records of Credit Registry).
  • The registration, recording and archiving of all types of your orders to the Bank, which have been given in writing, by electronic means or by telephone, in order to conclude transactions and for the protection of transactions.
  • The upgrading of the Bank’s products, services, and the promotion of any products and services of the Bank, and any collaborators of the Bank, subject to your prior consent.
  • The execution of any requests towards the Bank or the investigation of your complaints regarding any products and services offered by the Bank.
  • The compliance with the Bank’s legal obligations according to the current legislative and regulatory framework (e.g., legislation on the prevention and control of money laundering and against terrorism, tax and social security provisions).
  • The protection of the Bank’s legitimate interests in relation, among others, to the following:
    • a. any legal claims of the Bank which are raised before the competent judicial or extrajudicial / alternative dispute resolution bodies;
    • b. the prevention of fraud and other criminal acts;
    • c. the assessment and optimization of security procedures and IT systems;
    • d. the management of the Bank’s operational and credit risks;
    • e. physical security and the protection of persons and property (e.g., video surveillance)

G. Automated decision making and profiling

The Bank may in certain cases, for the fulfillment and achievement of lawful purposes and always in compliance with the provisions of the GDPR and applicable data protection legislation, make any decisions exclusively based on automated personal data processing procedures, including profiling, In particular, the Bank may legally make such decisions, including profiling, for monitoring purposes and for the prevention of fraud at your expense or at expense of of the Bank or any third party (e.g., malicious debit of a credit card, unusual transaction in a bank account), as well as for the provision of ensured and reliable services by the Bank (e.g., investment products and services), or if the processing is necessary for the conclusion or execution of an agreement (e.g., credit scoring, which shall be based on personal data received directly by you or after a search in the financial behavior database of Credit Registry, and which uses as criteria the subject’s income, financial obligations, profession, and the compliance with its contractual obligations as part of the subject’s previous financing, which the subject has received from the Bank or any third creditor, in order to assess your credit rating and to grant you the respective financing). The Bank may also make such decision, including profiling, to promote new products and services of the Bank, Group companies and companies cooperating with the bank, and always provided that prior explicit consent has been given.

H. Processing of personal data and profiling for direct marketing purposes

After the Bank has first obtained your consent, it may process your personal data in order to inform you on any products and services provided, which might interest you. For this purpose, the Bank processes information regarding the Bank’s services you use and/or any standard banking transactions you perform in order to present you products, services or offers which shall better serve your needs.

In any case, you have the right to revoke the consent you have given usand/or to object the processing of your personal data for the above purposes of direct marketing of the Bank’s products/services, including any profiling, by submitting a written request to dpo@tiranabank.al  or to any Branch of the Bank.

I. Data retention period

The Bank shall process and store your personal data as long as it is necessary for the performance of Bank’s contractual and statutory obligations. In this regard, it should be noted that our business relationship is a continuing obligation designed to last for several years. If the data are no longer required for the performance of Bank’s contractual and statutory obligations, they are regularly deleted, unless their further processing (for a limited time) is necessary for the following purposes:

  • Compliance with records retention periods under commercial, accounting, tax and anti-money laundering law, such as but not limited to, the law “On entrepreneurs and commercial companies”; law “On tax procedures”; law “On accounting and financial statements” and law “On the prevention of money laundering and terrorism financing”. The records retention periods prescribed therein range from three (3) to ten (10) years
  • Preservation of evidence within the scope of statutes of limitations. Under Albanian Civil Code, these limitation periods may be up to ten (10) years.

In case of litigation, any personal data related to you shall be retained by all means until the end of litigation, even if the above period of ten (10) years has lapsed.

J. Who are the recipients of personal data?

Access to your personal data shall be awarded to the Bank’s business and operational units’ employees, within the range of their responsibilities, as well as to the Bank contractors as part of the proper performance and execution of their contractual, legal and regulatory obligations, and to the respective statutory auditors of the Bank.

The Bank shall not transmit or disclose your personal data to third parties, except in case of:

  • Undertakings (domestic and foreign), to which the Bank has partly or wholly assigned the processing of your personal data on its behalf, and which have assumed a confidentiality obligation towards the Bank either
    • a. as part of the contractual relations between them, determining the subject, purpose, and duration of processing, the nature of personal data processed and the rights of the Bank; or
    • b. as part of their regulatory obligations to respect the principle of confidentiality, such as.
      • i.Debtor information companies in order to further inform you, as Debtor and/or Guarantor, and to negotiate the time, method and other terms for the repayment of your overdue debt. The details of any company cooperating with the Bank shall be available on the Bank’s website (www.tiranabank.al), in the section Useful Information> Data Protection.
      • ii. Payment service and payment processing companies/organizations (e.g. SWIFT, VISA)
      • iii. Credit Institutions, Payment Institutions.
      • iv. Transmission of data which is imperative for the institution of a business relationship or the execution of an agreement, or for the recovery of the Bank’s claims in case of failure to comply with any obligations you assumed by means of an agreement you have concluded with the Bank (e.g. transmission to cooperating lawyers, law firms and court bailiffs, notaries, engineers and evaluators).
      • v. Companies engaged in the digitization and management (storage, destruction) of physical files.
      • vi. Companies dispatching statements or notifications.
      • vii. Companies cooperating with the Bank for the participation in conformity programs or for the promotion of the Bank’s products and services.

The Bank has lawfully ensured that any processors acting on its behalf shall meet all requirements and provide sufficient assurance regarding the implementation of the appropriate technical and organizational measures, so that the processing of your personal data occurs in a way that the protection of your data is ensured.

  • Credit Registry for the protection of credit, the consolidation of transactions and the restriction of fraud, as well as the estimation of the Customer’s credit worthiness.
  • Deposit Insurance Agency for the management of deposit insurance scheme aiming the safeguard of depositors’ interests and the contribution on financial stability in the Republic of Albania.
  • Any transmission or disclosure, as required by the current statutory, legal and regulatory framework in general or a court judgment (transmission to judicial authorities, tax authorities, supervisory bodies, intermediaries) in compliance with the provisions on banking secrecy.
  • Corporations of the financial sector in case of assignment of the Bank’s receivables arising from credit agreements.
  • Judicial and Public authorities within the exercise of their duties.
  • The Bank of Albania, or any other supervisory or audit bodies within their legal duties.
  • Companies providing remote electronic customer identification services and verification of the authenticity of the documents, in accordance with the provision of applicable law.
  • Financial institutions for the management of interfaces and access to customer data as well as Fintech companies that provide support services, after the client authorizes them.
  • Cloud computing service companies
  • Cyber security companies

The Bank shall not directly transmit your personal data to third countries or international organizations, unless said transmission is required pursuant to the current regulatory or legislative framework. Indicatively and through the respective national authorities, the Bank may transmit your personal data pursuant within the scope of the legislation on the CRS Common Reporting Standard established by OECD, or pursuant to the act on tax compliance of foreign accounts by US citizens or US residents holding foreign accounts (FATCA – Foreign Account Tax Compliance Act).

K. Data subject rights;

As personal data subject, you have the following rights:

  • Right of access to the personal data concerning you, provided that they are being processed by the Bank, in its capacity as the controller, to the purposes of said processing, the categories of data and the recipients or categories of recipients
  • Right to rectify inaccurate data and complete incomplete data.
  • Right to erase your personal data subject to the Bank’s obligations and legal rights to retain them, pursuant to the current applicable laws and regulations.
  • Right to restrict the processing of your personal data if either the accuracy of said data is contested or the processing is unlawful or the purpose of the processing was eliminated, and provided that there is no legitimate reason to retain them 
  • Right to the portability of your personal data to another controller, provided that the processing is based on your consent and is carried out by automated means. This right shall be exercised subject to the Bank’s legal rights and obligations to retain the data and to perform a task which is carried out in the public interest.
  • Right to object on grounds relating to your particular situation, in case your personal data is processed to perform a task carried out for reasons of public interest or in the exercise of official authority vested in the Bank or for the purpose of legitimate interests which are pursued by the Bank or any third party.

I. How to exercise your rights and submit complaints?

All requests regarding your personal data and the exercise of your rights shall be dispatched in writing to: “Tirana Bank S.A., Data Protection Officer (DPO)” and shall be sent either to dpo@tiranabank.al or delivered to any branch of the Bank. The full details of the Data Protection Officer (DPO) are posted on the Bank’s website (www. tiranabank.al). A special form for the exercise of the right of access shall be available at all branches.

Any refusal of the Bank or any unjustified delay in responding to your requests following the exercise of your rights, shall give you the right to recourse to the Data Protection Commissioner as the competent supervisor for the application of the GDPR.

In any case, you reserve the right to submit a complaint to the competent supervisory authority, if you consider that your personal data processing infringes the current applicable legislation. For more information please visit www.idp.al

Please be advised that Tirana Bank uses “cookies” on its website in order to improve your online experience. For more details on cookies, you may be informed by the Bank’s Terms of Use which are available at www.tiranabank.al

Based on the respective applicable policy on data protection and in the context of the current legislative and regulatory framework, Tirana Bank may review or amend this update, which shall always be up to date and available on the Bank’s website (www.tiranabank.al), in the section Useful Information> Data Privacy .

 

Privacy Policy

Data Protection

Tirana Bank SHA, through its official website, collects information in the form of surveys regarding the quality of its services. This information does not include personal data beyond demographic elements (age, gender, city, etc.) and does not include data that could directly identify an individual, except in cases where the user voluntarily provides such information.

The information collected is used solely for the institution’s internal assessment purposes, statistical analysis, and for improving the services offered to clients.

This information is processed and controlled exclusively by Tirana Bank SHA, headquartered at Boulevard “Zhan D’Ark”, Administrative Unit No. 2, “MET Tirana Building”, Tirana, and used only for communication, statistical or historical purposes, and for the improvement of services provided, in accordance with Law No. 124/2024, dated 19.12.2024, “On the Protection of Personal Data.”

For any processing that requires consent under the personal data protection legislation, including the GDPR, the Bank will request explicit, clear, and informed consent, which cannot be implied from the use of the website. The use of the website does not constitute consent for the processing of personal data.

The Bank will not use your data for marketing purposes unless it has obtained your prior explicit consent.

Personal data communicated via email (including the email address and any other personal data contained within the email) voluntarily sent to the addresses listed on this website will be processed solely by Tirana Bank SHA and only for the purpose for which they were sent.

Any personal data collected by Tirana Bank SHA through its website will be gathered, processed, and stored in full compliance with Law No. 124/2024, dated 19.12.2024, “On the Protection of Personal Data.”

Such processing will be carried out in accordance with the principles of respecting and guaranteeing fundamental human rights and freedoms, particularly the right to privacy. Therefore, personal data will not be disclosed to third parties unless required by law and/or by competent authorities.

The credentials used to access the TIBank electronic banking platform through our website are fully encrypted to ensure their confidentiality.

Personal data are retained only for as long as necessary to fulfill the purposes for which they were collected and are then deleted, except where a longer retention period is required by law. Data collected through the website are generally not retained for more than 5 years. Specific security measures are applied to prevent data loss, unlawful or unfair use, and unauthorized access. Tirana Bank SHA is responsible for implementing these requirements in all automated or other forms of data processing.

Under Law No. 124/2024, dated 19.12.2024, “On the Protection of Personal Data,” as amended, individuals have the right at any time to:

  • receive information on the processing of their data;
  • access their personal data;
  • request correction of inaccurate data or completion of incomplete data;
  • request deletion of data (“the right to be forgotten”);
  • request restriction of processing;
  • object to processing for legitimate reasons;
  • request data portability to another controller;
  • withdraw consent at any time.

Data subjects also have the right to request the cancellation, anonymization, or blocking of information and data processed in violation of the law, and to object, for legitimate reasons, to their processing.

If you believe your privacy has been violated or wish to exercise your rights, you may contact us at any time through any of our branches listed on our website, via the toll‑free number 0800 68 68, or by email at dpo@tiranabank.al. Our staff will be ready to provide the necessary assistance.

If users of the Tirana Bank SHA website are redirected to third‑party websites via links contained within it, the Bank is not responsible for the data management or personal data protection policies applied by third parties. This Privacy Policy does not apply to third‑party websites.

 

Cookies

When you access this website, information may be temporarily stored in your computer’s memory or hard drive to facilitate easier navigation. A cookie is a small piece of information sent by a web server to be stored in a browser so that it can later be retrieved. Cookies are not used to transmit personal data/passwords from users.

You may change your browser settings to prevent cookies from being stored if you do not wish to have them placed when visiting our website. However, doing so may limit your ability to fully access some webpages. Some cookies are stored only until the browser window is closed and are then automatically deleted.

 

Intellectual Property

This website must be considered as an indivisible whole. Complete or partial copying or transmission of its content is not permitted. All data (text, audio, and images) contained on this site are the property of Tirana Bank SHA or its partners. Copying, displaying, or distributing any part of this content, except for personal use, is strictly prohibited. Any violation of this rule constitutes an infringement with legal consequences.

The use or copying of the name “Tirana Bank” and/or its logo, whether separately or together, for any purpose—including advertising—is strictly prohibited without the prior written consent of Tirana Bank SHA.

This document constitutes the “Privacy Policy” of this website and may be subject to future updates. Any updates will be published on this page.

By accessing this website, you confirm that you have read and accepted the terms set out above.

 

InfoBank

+35542277700
Accessible from landlines and mobile phones
0800 68 68
CALL FREE, Without payment, accessible only from landlines
callcenter@tiranabank.al

Bulevardi Zhan D’Ark, Njesia Administrative Nr. 2, Godina “MET Tirana Building”, Kodi Postar 1010, Kutia Postare 2400/1, Tirane-Shqiperi

Follow us:

Profile

Career

Pricing

Contacts