At Baltic Union Bank ("BUBC", "we", "us", or "our"), we are committed to protecting your privacy and safeguarding your data. This Privacy Policy explains how we collect, use, process, and store your personal information when you use our services, website, or mobile application.

By accessing our services or providing your information to us, you consent to the practices described in this policy. We encourage you to read this document carefully to understand our data practices.

Data Controller Information

Identity Information

• Full legal name as registered in your country
• Date of birth
• Photograph for profile and identification purposes
• Country of origin

Contact Information

• Active email address
• Mobile phone number (connected to Telegram or WhatsApp)
• Temporary residential address
• Permanent residential address
• Postal code

Financial Information

• Bank account details
• Debit card information (for processing withdrawal requests)
• Transaction history

Technical Data

• IP address
• Login information
• Device information
• Browser type and version
• Time zone setting
• Operating system

Identity Verification Documents

• National ID cards
• Residence permits
• Passport information
• Savings book images

Providing Our Services

• To create and manage your account
• To process your transactions
• To facilitate withdrawals and deposits
• To generate and manage your digital bank card

Security and Verification

• To verify your identity
• To prevent fraud and money laundering
• To secure your account and transactions
• To comply with regulatory requirements

Communication

• To respond to your inquiries and support requests
• To send service-related notifications
• To provide updates about your account and transactions

Improvement of Services

• To analyze usage patterns and improve our platform
• To enhance user experience
• To troubleshoot issues and optimize performance

We process your data based on the following legal grounds:

• Contractual Necessity: Processing is necessary for the performance of the contract we have with you to provide banking services.
• Legal Obligation: Processing is necessary for compliance with legal obligations to which Baltic Union Bank is subject, including anti-money laundering regulations, tax laws, and financial reporting requirements.
• Legitimate Interests: Processing is necessary for our legitimate interests, such as fraud prevention, ensuring the security of our platform, and improving our services.
• Consent: Where required by law, we will obtain your explicit consent for specific processing activities.

Baltic Union Bank does not share customer data with third parties for marketing or commercial purposes. We take the confidentiality of your information very seriously and ensure that all sensitive data including passwords, PINs, emails, bank account numbers, mobile phone numbers, postal codes, and debit account data are encrypted with SHA256 technology.

We may, however, disclose your information in the following circumstances:

• Regulatory Requirements: When required by law, court order, or regulatory authority.
• Service Providers: With trusted service providers who assist us in operating our platform, conducting our business, or servicing you, subject to strict confidentiality agreements.
• Protection of Rights: When we believe disclosure is appropriate to protect our rights, your safety, or the safety of others.

We retain your data for as long as necessary to provide our services and fulfill the purposes outlined in this Privacy Policy unless a longer retention period is required or permitted by law. Typically, we maintain account information for the duration of your relationship with Baltic Union Bank, plus 7 years following account closure to comply with financial regulatory requirements.

After this period, your data will be securely deleted or anonymized in a manner that prevents re-identification. If you request deletion of your data, we will delete or anonymize it except where retention is necessary for legal or regulatory reasons.

Under applicable data protection laws, you have the following rights regarding your data:

• Right to Access: You can request access to the data we hold.
• Right to Rectification: You can request correction of your data if it is inaccurate or incomplete.
• Right to Erasure: You can request the deletion of your data in certain circumstances.
• Right to Restrict Processing: You can request restriction of processing of your data.
• Right to Data Portability: You can request the transfer of your personal data in a structured, commonly used, machine-readable format.
• Right to Object: You can object to the processing of your data in certain circumstances.
• Right to Withdraw Consent: Where processing is based on consent, you can withdraw your consent at any time.

To exercise any of these rights, please contact us at support@balticunited.com. We will respond to your request within 30 days.

Baltic Union Bank uses cookies and similar tracking technologies on our website and mobile application. We use Microsoft Clarity, Google Analytics, and Microsoft Bing for high-level tracking of event movements on our site. These tools help us understand how users interact with our platform, enabling us to improve user experience and optimize our services.

The types of cookies we use include:

• Essential Cookies: Necessary for the website to function properly.
• Analytical/Performance Cookies: Allow us to recognize and count visitors and see how they move around our website.
• Functionality Cookies: Enable us to personalize content for you.
• Targeting Cookies: Record your visit to our website, pages visited, and links followed.

You can control cookies through your browser settings. However, blocking some types of cookies may impact your experience of the site and the services we can offer.

Baltic Union Bank primarily stores and processes data within the European Economic Area (EEA). However, in some cases, your data may be transferred to, and processed in, countries outside the EEA that provide different levels of data protection.

In such cases, we implement appropriate safeguards to ensure your data receives an adequate level of protection, including:

• Transferring data to countries that have been deemed to provide an adequate level of protection by the European Commission.
• Using specific contracts approved by the European Commission (Standard Contractual Clauses) that give personal data the same protection it has in Europe.
• Implementing additional technical and organizational measures to protect your data during transfer and processing.

Baltic Union Bank implements robust security measures to protect your data from unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption: We use SHA256 encryption for sensitive data transmission and storage, which is an industry-standard secure hashing algorithm that provides a high level of protection.
• Access Controls: We implement strict access controls limiting who can access customer data based on job role and function.
• Network Security: We employ firewalls, intrusion detection systems, and network monitoring to prevent unauthorized access.
• Regular Security Audits: We conduct regular security assessments and penetration testing to identify and address potential vulnerabilities.
• Employee Training: Our staff undergo regular security awareness training to ensure they understand their responsibilities for data protection.
• Multi-Factor Authentication: We implement MFA for both customers and staff members to add layer of security.
• Data Encryption at Rest and in Transit: We ensure data is encrypted both when stored and when transmitted between systems.
• Secure Data Disposal: We follow secure procedures for data disposal when it is no longer needed.

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated Privacy Policy on our website or through other communication channels.

We encourage you to periodically review this Privacy Policy to stay informed about how we protect your personal information.

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal data from a child without verification of parental consent, we take steps to remove that information from our servers.

Baltic Union Bank complies with applicable data protection laws and regulations, including:

• General Data Protection Regulation (GDPR): As a financial institution operating in the European Union, we fully comply with the GDPR requirements regarding data processing, data subject rights, and breach notifications.
• Polish Act on Personal Data Protection: We adhere to national data protection legislation enforced by the Polish Data Protection Authority (UODO).
• Banking Secrecy Laws: We comply with banking secrecy provisions under the Polish Banking Law that impose confidentiality obligations regarding customer information.
• Payment Services Directive 2 (PSD2): We implement strong customer authentication and secure communication requirements under this EU directive for payment services.
• Anti-Money Laundering (AML) Regulations: We comply with AML regulations requiring certain customer data collection and retention for identification purposes.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

If you believe that your data has been processed in a way that does not comply with the GDPR, you have the right to complain with the Polish Data Protection Authority (Urząd Ochrony Danych Osobowych) or the data protection authority in the EU member state where you reside.