The ECB processes your data for different purposes and on different legal grounds (pursuant to Article 6 of the GDPR, Law 133/2011, and Article 6 of Law 195/2024), as follows:

a) The data subject has given consent to the processing of their personal data for one or more specific purposes (only where necessary), including:

• personalized marketing

• sending commercial offers

• optional cookies, etc.

b) Processing is necessary for the performance of a contract to which the data subject is a party, or for taking steps at the request of the data subject prior to entering into a contract;

In the event of entering into a contract between the data subject and the ECB as a result of contracting a package of banking and financial products and services, as well as in the case of requesting a credit/deposit simulation, the provision of any banking and financial services based on a contract (transactions/occasional operations such as: currency exchange, cash deposit into another person’s account, payment of loan installments for ECB clients, bill exchange, etc.); management of the relationship with clients/data subjects, data quality management, execution or processing of payment transactions through the SWIFT system, including, where applicable, the transfer of personal data to the USA by SWIFT.

c) Processing is necessary for compliance with a legal obligation to which the controller is subject;

Fulfillment of obligations related to the provision of banking services, including the entry of data from identity documents into the ECB’s IT applications; prevention of fraud and ensuring banking secrecy through analysis/verification of the authenticity of the presented identity document; compliance with applicable banking regulations to meet customer due diligence requirements, prevent money laundering, and combat terrorism financing; daily reporting of transactions in accordance with applicable legislation; management of conflicts of interest; handling inspections by authorities; fulfillment of banking supervision obligations over the ECB and reporting to supervisory authorities; compliance with national and European prudential requirements applicable to credit institutions (including effective management of fraud risk by maintaining a warning list documenting attempts and suspicions of fraud); liquidity management, balance sheet optimization, and transfer pricing; portfolio management; administrative and financial management; retention/storage (prior to archiving) and archiving of contractual documentation in accordance with legal provisions (including ensuring operations related to these activities); internal audit; ensuring health and safety within ECB premises and its branches; implementation of personal data update and security measures (including performing backups); data quality management; management of relations with public authorities, including providing relevant information in accordance with legal provisions, or to other persons providing a public service (such as judicial executors, notaries, etc.).

d) Processing is necessary to protect the vital interests of the data subject or of another natural person (video recordings through the Bank’s internal video surveillance system and its territorial subdivisions, Access Control system);

e) Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;

• the performance of a task carried out in the public interest as provided by legal provisions;

• the exercise by the controller of functions or powers conferred by legal provisions.

In accordance with banking, AML/KYC, fiscal, material, and procedural legislation, as well as regulatory requirements, which require reporting and the transmission of information to:

• National Bank of Moldova

• Service for the Prevention and Combating of Money Laundering

• Fiscal (SFS) and judicial authorities (Arbitration, courts)

• Law enforcement authorities (Prosecutor’s Office, Ministry of Internal Affairs, CNA, SIS, etc.)

• Other authorities entitled to this information (Notaries, Judicial Executors, CNAS, BNS, CNOFM, etc.)

f) Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject, which require the protection of personal data, in particular where the data subject is a child.

Implementation of means allowing any person to report discrepancies related to the banking services provided by the ECB; improvement of banking services through the optimization of internal flows, policies, and procedures (including cost and budget optimization through cost controlling activities); monitoring of transactions and contacting the client/data subjects to prevent fraud; design, development, testing, and use of existing or new IT systems and IT services (including database storage domestically or abroad); ensuring health and safety within ECB premises and its branches; management of relations with public authorities, including the provision of relevant information in accordance with legal provisions, or to other persons providing a public service (judicial executors, notaries, etc.); profiling and segmentation activities for analytical purposes; conducting surveys regarding banking services, ECB activities, and contractual partners; management of complaints regarding banking services, including establishing, exercising, or defending ECB’s and/or its subsidiaries’ rights in court, as well as gathering evidence for this purpose.

Provision of any banking and financial services (transactions/occasional operations such as: currency exchange, cash deposits into another person’s account, payment of loan installments for ECB clients, bill exchange, etc.); management of the relationship with clients/data subjects, data quality management, execution or processing of payment transactions through the SWIFT system, including, where applicable, the transfer of personal data to the USA by SWIFT.