Privacy
Policy
Last updated: August 21, 2025
This Privacy Policy describes Our policies and
procedures on the collection, use and disclosure of Your information when You
use the Mobile Banking application for Business entities (m-ba Plus) and tells
You about Your privacy rights and how the law protects You.
We use Your Personal data to provide and improve the
Mobile Banking application for Business entities (m-ba Plus). By using the Mobile
Banking application for Business entities which also includes Craftsmen /
Independent entrepreneurs (m-ba Plus), You agree to the collection and use of
information in accordance with this Privacy Policy.
Interpretation
and Definitions
Interpretation
The
words of which the initial letter is capitalized have meanings defined under
the following conditions. The following definitions shall have the same meaning
regardless of whether they appear in singular or in plural.
Definitions
For
the purposes of this Privacy Policy:
- Account means
a unique account created for You to access our Mobile Banking application
for business banking (m-ba Plus) or parts of our Mobile Banking
application for business banking (m-ba Plus).
- Affiliate means
an entity that controls, is controlled by or is under common control with
a party, where "control" means ownership of 50% or more of the
shares, equity interest or other securities entitled to vote for election
of directors or other managing authority.
- Application means
the software program provided by the Bank downloaded by You on any
electronic device, named m-ba Plus.
- Bank (referred to as either
"the Bank", "We", "Us" or "Our" in
this Agreement) refers to UniCredit Bank d.d. Mostar, Kardinala Stepinca,
Mostar 88000. (Data Controller)
- Country refers
to: Bosnia & Herzegovina
- Device means
any device that can access the Mobile Banking application for Business
entities (m-ba Plus)
- Personal Data is
any information that relates to an identified or identifiable individual.
- Mobile Banking application for Business entities (m-ba Plus) refers to the Application.
- Mobile Banking application for Business entities (m-ba Plus) Provider means any
natural or legal person who processes the data on behalf of the Bank. It
refers to third-party companies or individuals employed by the Bank to
facilitate the Mobile Banking application for Business entities (m-ba
Plus), to provide the Mobile Banking application for Business entities
(m-ba Plus) on behalf of the Bank, to perform Mobile Banking application
for Business entities (m-ba Plus) related to the Mobile Banking
application for Business entities (m-ba Plus) or to assist the Bank in
analyzing how the Mobile Banking application for Business entities (m-ba
Plus) is used.
- Usage Data refers to data collected automatically, either generated by
the use of the Mobile Banking application for Business entities (m-ba
Plus) or from the Mobile Banking application for Business entities (m-ba
Plus) infrastructure itself (for example, the duration of a page visit).
- You means the individual accessing or using the Mobile Banking
application for Business entities (m-ba Plus), or the Bank, or other legal
entity on behalf of which such individual is accessing or using the Mobile
Banking application for Business entities (m-ba Plus), as applicable.
Collecting
and Using Your Personal Data
Types
of Data Collected
Personal Data
While using Our Mobile Banking application for
Business entities (m-ba Plus), We may ask You to provide Us with certain
personally identifiable information that can be used to contact or identify
You. Personally identifiable information may include, but is not limited to:
- Email address
- Phone number
- Usage Data
Usage Data
Usage Data is collected automatically when using the
Mobile Banking application for Business entities (m-ba Plus).
Usage Data may include information such as Your
Device's Internet Protocol address (e.g. IP address), browser type, browser
version, the pages of our Mobile Banking application for Business entities
(m-ba Plus) that You visit, the time and date of Your visit, the time spent on
those pages, unique device identifiers and other diagnostic data.
When You access the Mobile Banking application for
Business entities (m-ba Plus) by or through a mobile device, We may collect
certain information automatically, including, but not limited to, the type of
mobile device You use, Your mobile device unique ID, the IP address of Your
mobile device, Your mobile operating system, the type of mobile Internet
browser You use, unique device identifiers and other diagnostic data.
We may also collect information that Your browser
sends whenever You visit our Mobile Banking application for Business entities
(m-ba Plus) or when You access the Mobile Banking application for Business
entities (m-ba Plus) by or through a mobile device.
Use
of Your Personal Data
The Bank may use Personal Data for the following
purposes:
- To provide and maintain our Mobile Banking application for Business entities (m-ba Plus), including to monitor the usage
of our Mobile Banking application for Business entities (m-ba Plus).
- To manage Your Account: to manage Your registration as a user of the Mobile Banking
application for Business entities (m-ba Plus). The Personal Data You
provide can give You access to different functionalities of the Mobile
Banking application for Business entities (m-ba Plus) that are available
to You as a registered user.
- For the performance of a contract: the development, compliance and undertaking of the purchase
contract for the products, items or Mobile Banking application for
Business entities (m-ba Plus). You have purchased or of any other contract
with Us through the Mobile Banking application for Business entities (m-ba
Plus).
- To contact You: To
contact You by email, telephone calls, SMS, or other equivalent forms of
electronic communication, such as a mobile application's push
notifications regarding updates or informative communications related to
the functionalities, products or contracted Mobile Banking application for
Business entities (m-ba Plus), including the security updates, when
necessary or reasonable for their implementation.
- To provide You with
news, special offers and general information about other goods, Mobile
Banking application for Business entities (m-ba Plus) and events which we
offer that are similar to those that you have already purchased or
enquired about unless You have opted not to receive such information.
- To manage Your requests: To attend and manage Your requests to Us.
- For business transfers: We may use Your information to evaluate or conduct a merger,
divestiture, restructuring, reorganization, dissolution, or other sale or
transfer of some or all of Our assets, whether as a going concern or as
part of bankruptcy, liquidation, or similar proceeding, in which Personal
Data held by Us about our Mobile Banking application for Business entities
(m-ba Plus) users is among the assets transferred.
- For other purposes: We may
use Your information for other purposes, such as data analysis,
identifying usage trends, determining the effectiveness of our promotional
campaigns and to evaluate and improve our Mobile Banking application for
Business entities (m-ba Plus), products, Mobile Banking application for
Business entities (m-ba Plus), marketing and your experience.
We
may share your personal information in the following situations:
- With
Mobile Banking application for
Business entities (m-ba Plus) Providers: We may share Your
personal information with Mobile Banking application (m-ba) Providers to
monitor and analyze the use of our Mobile Banking application for Business
entities (m-ba Plus), to contact You.
- For
business transfers: We
may share or transfer Your personal information in connection with, or
during negotiations of, any merger, sale of Bank assets, financing, or
acquisition of all or a portion of Our business to another Bank.
- With
Affiliates: We may share your
information with our affiliates, in which case we will require those
affiliates to honor this Privacy Policy. Affiliates include our parent
Bank and any other subsidiaries, joint venture partners or other companies
that we control or that are under common control with us.
- With
business partners: We
may share Your information with our business partners to offer you certain
products, Mobile Banking application for Business entities (m-ba Plus) or
promotions.
- With Your consent: We may
disclose Your personal information for any other purpose with Your
consent. You may withdraw Your
previously given consent at any time and you have the right to object to
the processing of personal data for marketing and market research
purposes. In such a case, the personal data relating to you will no longer
be processed for such purposes, without affecting the lawfulness of
processing carried out prior to withdrawal. The provision of data for the
stated purposes is voluntary, and the Bank will not refuse the conclusion
or execution of a contract if the data holder refuses consent to the
provision of personal/personal data. Withdrawal of consent does not affect
the lawfulness of processing that was based on consent before it was
withdrawn.
Retention
of Your Personal Data
The
Bank will retain Your Personal Data only for as long as is necessary for the
purposes set out in this Privacy Policy. We will retain and use Your Personal
Data to the extent necessary to comply with our legal obligations (for example,
if we are required to retain Your data to comply with applicable laws), resolve
disputes, and enforce our legal agreements and policies.
The
Bank will also retain Usage Data for internal analysis purposes. Usage Data is
generally retained for a shorter period of time, except when this data is used
to strengthen the security or to improve the functionality of Our Mobile
Banking application for Business entities (m-ba Plus), or We are legally
obligated to retain this data for longer time periods.
Transfer
of Your Personal Data
Your
information, including Personal Data, is processed at the Bank's operating
offices and in any other places where the parties involved in the processing
are located. It means that this information may be transferred to — and
maintained on — computers located outside of Your state, province, country or
other governmental jurisdiction where the data protection laws may differ than
those from Your jurisdiction.
Your
consent to this Privacy Policy followed by Your submission of such information
represents Your agreement to that transfer.
The
Bank will take all steps reasonably necessary to ensure that Your data is
treated securely and in accordance with this Privacy Policy and no transfer of
Your Personal Data will take place to an organization or a country unless there
are adequate controls in place including the security of Your data and other
personal information.
Disclosure
of Your Personal Data
Business
Transactions
If
the Bank is involved in a merger, acquisition or asset sale, Your Personal Data
may be transferred. We will provide notice before Your Personal Data is
transferred and becomes subject to a different Privacy Policy.
Law
enforcement
Under
certain circumstances, the Bank may be required to disclose Your Personal Data
if required to do so by law or in response to valid requests by public
authorities (e.g. a court or a government agency).
Other
legal requirements
The
Bank may disclose Your Personal Data in the good faith belief that such action
is necessary to:
- Comply
with a legal obligation
- Protect
and defend the rights or property of the Bank
- Prevent or
investigate possible complaints in connection with the Mobile Banking
application for Business entities (m-ba Plus)
- Protect
the personal safety of Users of the Mobile Banking application for
Business entities (m-ba Plus) or the public
- Protect
against legal liability
Security
of Your Personal Data
As part of its internal protection system and for the
purpose of ensuring the security of your personal data, and in accordance with
relevant regulations and defined obligations, the Bank applies and undertakes
appropriate organizational and technical measures, i.e. measures against unauthorized
access to personal data, alteration, destruction or loss of data, unauthorized
transfer, and other forms of unlawful processing or misuse of personal data.
Changes
to this Privacy Policy
We
may update Our Privacy Policy from time to time. We will notify you of any
changes by posting the new Privacy Policy on this page.
We
will let you know via email and/or a prominent notice on Our Mobile Banking
application for Business entities (m-ba Plus), prior to the change becoming
effective and update the "Last updated" date at the top of this
Privacy Policy.
You
are advised to review this Privacy Policy periodically for any changes. Changes
to this Privacy Policy are effective when they are posted on this page.
Contact
Us
If
you have any questions about this Privacy Policy, You can contact Us:
Every person whose personal data is processed by the
Bank has, as a primary and fundamental right, access to all personal data
provided, as well as the right to correction and deletion of personal data (to
the extent permitted by law), the right to restriction of processing, all in
the manner defined by applicable legal regulations.
The Bank's employees are at your disposal in all
branches of the Bank and the Personal Data Protection Officer can be contacted
in writing at the address: UniCredit Bank dd, Personal Data Protection Officer,
Kardinala Stepinca bb, 88000 Mostar or via e-mail: dpo@unicreditgroup.ba
For more detailed information on how the Bank
processes personal data, please visit UniCredit Bank zaštita podataka where detailed "Information on the processing of
personal data of UniCredit Bank d.d." is published.